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CHAPTER 1 
Hacking briefly 


Hacking 


Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of 
the creator's original purpose. 


The most fundamental meaning of hacking is gaining unauthorized access to data in a system or 
computer. 


Hacking is exploiting security controls either in a technical, physical or a human-based element. ~ 
Kevin Mitnick 


The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle 
and philosophy of their choice, is called a hacker. 


Computer hacking is the most popular form of hacking nowadays, especially in the field of computer 
security. 


The mass attention given to blackhat hackers from the media cause the whole hacking term is often 
mistaken for any security related cybercrime. 


However, the word "hacking" has two definitions. The first definition refers to the hobby/profession 
of working with computers. The second definition refers to modifies computer hardware or software 
in a way that changes the creator's original intent. 


It is the art of exploiting computers to get access to otherwise unauthorized information. Now that the 
world is using IT systems to gather, store and manipulate important information there is also a need to 
make sure that data is secure. However, no system is without is problems. Holes are often present 
within security systems which, if exploited, allow hackers to gain access to this otherwise restricted 


information. 


Purpose behind Hacking : When somebody tries to access other's computer systems with the aim 
of destroying or altering important information or data, such an activity is defined as hacking and 
the person is called a hacker. It is believed that hacking activities are not backed by solid logical 
reasons. On the contrary, hackers try to experiment with the computer brilliance by trying of 
affect other system with viruses. Hacking is done mostly for sheer pleasure by which a hacker 
wants to prove his skills. But if at all one searches for reasons behind it, it can be logically 
concluded Hacking is carried out with the objective of tracing vital information and affecting 
computer systems with viruses. 


Hacker 


Hacker is a term used by some to mean "a clever programmer" and by others, especially those in 
popular media, to mean "someone who tries to break into computer systems. 


Cracking 


Cracking is the act of breaking into a computer system, often on a network. A cracker can be doing 
this for profit, maliciously, for some altruistic purpose or cause, or because the challenge is there. 
Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security 
system. 


Contrary to widespread myth, cracking does not usually involve some mysterious leap of hackerly 
brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks 
that exploit common weaknesses in the security of target systems. Accordingly, most crackers are 
only mediocre hackers. These two terms should not be confused with each others. Hackers generally 
deplore cracking. 


Cracker 


A cracker is someone who breaks into someone else's computer system, often on a network; bypasses 
passwords or licenses in computer programs; or in other ways intentionally breaches computer 
security. 


Hacking as a Destructive Tool 


The common stance on hacking with the average person is that it is morally wrong. There have been 
several instances where hacking has proven to have caused problems. Hacking can create a variety of 
damages to people, groups and systems of broad spectrum. Negative Hacking Interactions: 


Identity Theft — Some hackers can gain access to sensitive information which could be used to fuel 


identity theft. This identity theft can cause damages to credit ratings from consumer agencies, run-ins 
with the law because the person who stole the identity committed a crime, or other damages which 
may not be repairable at all. 


E-mail Access — Hackers have the ability to gain access to personal e-mail accounts. These can have 
a variety of information and other private files which most people would regard as important. This 
information could also hold sensitive data which could be used against someone or simply cause ruin 
for those who are involved in the breach of privacy. 


Website Security — Many websites have been victims of hackers. Usually the hackers would simply 
destroy data and leave the websites in an inoperable state which would leave website owners with 
the task of rebuilding their sites from scratch if they did not have a backup. This could also pose risks 
for companies who had their consumer's payment information hosted on their websites. Defacing the 
websites by leaving tags or "calling cards" stating the unknown group's signature was not uncommon 
in the early days of hacking websites. 


Hacking as a Political Statement 


Some hackers are out to get the government and show the vulnerabilities that the government has in 
trusting their systems too much. 


This is extremely illegal in the United States and other countries. This has led to some vulnerability ir 
security systems to being fixed and made the government computer systems even stronger. Of course it 
is difficult to do this kind of hacking without a trace being left behind. 


Most if not all hackers who get into the government systems around the world are captured by the 
government and punished for unauthorized access to their systems. 


Hacking through Worm Exploits 


Worms are nasty pieces of malicious code which are designed to find vulnerabilities in computer 
systems and exploit them with automated processing. 


They can be used to destroy data, collect information or simply lie in wait until they are given 
commands to do something. The worm code self replicates and tries to infect as many systems as 
possible. 


The big threat that these worms bring is the knowledge that a system is open. This can allow the 
automated response to install a back door into a system which can allow malicious hackers to gain 
access to computers as well as turning systems into "zombies" which could be used for various 
purposes including spamming and masking the actions of the original hacker. Creators of catastrophic 
software such as the author of the first Internet worm, Robbert Tappan Morris Jr. did not mean to do 
bad at all. 


Before the Internet, there was ARPANET (Advanced Research Projects Agency Network), whic 
was used by the United States government Department of Defense. Morris created the Morris worm 


which was meant to gauge the size of the Internet but had actually gained access to ARPANET by 
accessing vulnerabilities in Unix based systems which were in use at the time. 


There was an error in his coding of the worm which caused replication at exponential rates which 
gained access into NASA and the Air Force systems. It was not intended to harm the computers, bu 
did show that they were vulnerable to attacks. He got off with only community service even though 
federal guidelines should have given him extensive consequences for his actions. He was hired by 
MIT and is currently a professor working in the Artificial Intelligence Laboratory. 


Hacking as a Learning Tool 


Hacking leads several people into the interest of creating newer, better software which can 
revolutionize the electronic world. 


Although it is important to remember that hacking is a varied skill and those who have been hacking 
the longest will have more success because they know how computers work and how they have 
evolved over time. 


Ethical hackers use their knowledge to improve the vulnerabilities in systems, their hardware and 
software. The ethical hackers come from a wide variety of different backgrounds. 


The best examples are from ex-malicious hackers who decide their purpose is to help prevent 
damages to companies by holes in their security. These companies pay their ethical hackers 
handsomely as they are providing a service which could be extremely useful in preventing damages 
and loss. 


They can be hired by single companies who need advanced protection while others could be hired by 
software designers who will reach millions of people around the world. 


Possible Protection from Hackers 


Protection from hackers is important no matter whether it is for personal use or for large 
corporations. The following tools are the best defense against hackers: 


Firewalls — The firewall is a software barrier which is designed to protect private resources and 
prevents unauthorized network traffic. They are designed to block off ports of access on the computer 
and require administrative clearance to access resources. 


Routers — All modern routers include firewalls and protective features. You can password protect 
wireless networks and create useful protection with them. 


Updates — Software updates are crucial to ensure the safety and security of any application of the 
software. It could be the operating system at home or the server software that processes website 
information and more. 


CHAPTER 2 
Classification 


various Kind of hacking 


Computer Hackers have been around for so many years. Since the Computer and Internet became 
widely used in the World, We have started to hear more and more about hacking. 


As the word ‘Hacking’ has two meaning, so the word ‘Hacker’ is a word that has two meanings: 


Traditionally, a Hacker is someone who likes to play with Software or Electronic Systems. Hackers 
enjoy Exploring and Learning how Computer systems operate. They love discovering new ways tc 
work electronically. 


Recently, Hacker has taken on a new meaning that someone who finds weaknesses in a computer or 
computer network, though the term can also refer to someone with an advanced understanding of 
computers and computer networks. 


Normally, Hackers are people who try to gain unauthorized access to your computer. 


With controversy, the term hacker is reclaimed by computer programmers who argue that someone 
breaking into computers is better called a cracker, not making a difference between computer 
criminals (black hats) and computer security experts (white hats). Some white hat hackers claim that 
they also deserve the title hacker, and that only black hats should be called crackers. 


If hackers, if anyone committing a criminal act, wants to reduce their risk, they obviously don't 
involve anybody else. The greater the circle of people that know what you're doing, the higher the 
risk. ~ Kevin Mitnick 


Classifications of Hacker 


There are many more types of hackers in the world according to their motive and type of work. The 
following list forwards one mote steps to better knowing hackers. 


White hat hacker 


The term "White hat hacker" refers to an ethical hacker, or a computer security expert, who 
specializes in penetration testing and in other testing methodologies to ensure the security of an 
organization's information systems. Ethical hacking is a term coined by IBM meant to imply a broade1 
category than just penetration testing. White-hat hackers are also called penetration tester, sneakers, 
red teams, or tiger teams. Generally, White hat hackers or ethical hackers are the good guy in the 
world of hackers. 


Black hat hacker 


A black hat hacker is an individual with extensive computer knowledge whose purpose is to breach 
or bypass internet security. Black hat hackers are also known as crackers or dark-side hackers. The 


general view is that, while hackers build things, crackers break things. They are computer security 
hackers that break into computers and networks or also create computer viruses. The term “black hat” 
comes from old westerns where the bad guys usually wore black hats. 


Black hat hackers break into secure networks to destroy data or make the network unusable for those 
who are authorized to use the network. 


They choose their targets using a two-pronged process known as the "pre-hacking stage". 
Step 1: Targeting 

Step 2: Research and Information Gathering 

Step 3: Finishing the Attack 

Grey hat hacker 


A grey hat hacker is a combination of a black hat and a white hat hacker. It may relate to whether they 
sometimes arguably act illegally, though in good will, or to show how they disclose vulnerabilities. 
They usually do not hack for personal gain or have malicious intentions, but may be prepared to 
technically commit crimes during the course of their technological exploits in order to achieve better 
security. 


Blue hat 


A blue hat hacker is someone outside computer security consulting firms who is used to bug test a 
system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term 
BlueHat to represent a series of security briefing events. 


Elite hacker 


A social status among hackers, elite is used to describe the most skilled. Newly discovered activities 
will circulate among these hackers. 


Script kiddie 
A script kiddie (or skiddie) is a non-expert who breaks into computer systems by using pre-packaged 
automated tools written by others, usually with little understanding of the underlying concept hence 


the term script (1.e. a prearranged plan or set of activities) kiddie (i.e. kid, child an individual lacking 
knowledge and experience, immature). 


Neophyte “newbie” 


A neophyte, "n00b", or "newbie" is someone who is new to hacking or phreaking and has almost no 
knowledge or experience of the workings of technology, and hacking. 


Hacktivist 


A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or 
political message. In general, most hacktivism involves website defacement or denial-of-service 
attacks. 


Nation state 


It refers to Intelligence agencies and cyber warfare operatives of nation states. 
Organized criminal gangs 

Criminal activity carried on for profit. 

Bots 


Automated software tools, some freeware, available for the use of any type of hacker. 


CHAPTER 3 
Computer Security 
Computer Crime and 
Intelligence Agency 


Computer Security 


The security applied to computing devices such as computers and smartphones, as well as computer 
networks such as private and public networks, including the whole Internet is called as Computer 
Security. 


Security Information 


Protection 
Code Data 


Safety Privy acy 


It includes physical security to prevent theft of equipment and information security to protect the data 
on that equipment. It is sometimes referred to as "Cyber Security" or "IT security". 


Cybersecurity is the process of applying security measures to ensure confidentiality, integrity, and 
availability of data. 


Computer Threats 


A threat is a possible danger that might exploit a vulnerability to breach security and thus cause 
possible harm. 


It can be either "intentional" (1.e., intelligent; e.g., an individual cracker or a criminal organization) or 
"accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of a natural disaster 
such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event. 


Computer Crime 


Computer crime refers to any crime that involves a computer and a network. Net crime refers to 
criminal exploitation of the Internet. 


Cybercrimes are defined as: "Offences that are committed against individuals or groups of 
individuals with a criminal motive to intentionally harm the reputation of the victim or cause 
physical or mental harm to the victim directly or indirectly, using modern telecommunication 
networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones 
(SMS/MMS) ". 


Such crimes may threaten a nation’s security and financial health. Issues surrounding this type of 
crime has become high-profile, particularly those surrounding cracking, copyright infringement, child 
pornography, and child grooming. There are also problems of privacy when confidential information 
is lost or intercepted, lawfully or otherwise. 


CYBERCRIME 
5 SIMPLE RULES TO STAY PROTECTED ONLINE 


1 CHECK FOR VIRUSES AND MALWARE 


Although it can be time consuming, R wil take less time 
Dan r 


bet | ing 
covering from a case of identity thant 
P@SSWORDS 2 


Do not use the same password for every account. Be 
feative, combine letters, qnurnibers and sock! characters 
el Q Don't forget to change your passwords occasionally 


3) AVOID PHISHING SCHEMES 


Beware of strange URLs requesting your login and password. The homepage wil look 
feel, but the URL wil be take. This allows hackers to steal your nfarmetion and repost 
pam under your prose 


Always make sure to change your router's default password 
t rrrina’s offen know t} ak th hack 
your network ar f r 


Never purchase with personal dotais on your mobile phones 
while on an unsecure Wi-Fi signal, You never know 
who's watching 


ALK TO STRANCERS 


Wve heard this when you were a chid, but the 
to adults too, esp aly when & cor 


Topology of computer crime 


Computer crime encompasses a broad range of activities. Generally, however, it may be divided into 
two categories: (1) crimes that target computers directly; (2) crimes facilitated by computer networks 
or devices, the primary target of which is independent of the computer network or device. 


1. Crimes that primarily target computer networks or devices include: Computer viruses, 
Denial-of-service attacks, Malware (malicious code) 


2. Crimes that use computer networks or devices to advance other ends include: Cyber 


stalking, Fraud and identity theft, Information warfare, Phishing scams 
Cyber Terrorism 


Cyber terrorism in general, can be defined as an act of terrorism committed through the use of 
cyberspace or computer resources. As such, a simple propaganda in the Internet, that there will be 
bomb attacks during the holidays can be considered cyber-terrorism. 


Top 10 Intelligence agencies of the world 


CIA — America 

Formed : September 18, 1947 

Agency executive : Leon Panetta, Director 
Parent agency : Central Intelligence Group 


CIA is the largest of the intelligence agencies and is responsible for gathering data from other 
countries that could impact U.S. policy. It is a civilian intelligence agency of the United States 
government responsible for providing national security intelligence to senior United States 
policymakers. The CIA also engages in covert activities at the request of the President of the Unitec 
States of America. The CIA’s primary function is to collect information about foreign governments, 
corporations, and individuals, and to advise public policymakers. The agency conducts covert 
operations and paramilitary actions, and exerts foreign political influence through its Special 
Activities Division. It has failed to control terrorism activities including 9/11, Not even a single tor 
level Al-Queda leader captured own its own in the past 9 years — ‘they missed 1 Million’ Soviet 
troops marching into Afghanistan’. Iraq’s Weapons of Mass Destruction, Have the found them yet? - 
Number of defectors/ double agents numbers close to a thousand. On 50th anniversary of CIA 
President Clinton said ”By necessity, the American people will never know the full story of your 
courage. Indeed, no one knows that what CIA really does”. Highly funded and technologically mos 
advanced Intelligence set-up in the world. 


M1-6 — United Kingdom 

Formed : 1909 as the Secret Service Bureau 

Jurisdiction : Government of the United Kingdom 
Headquarters : Vauxhall Cross, London 

Agency executive : Sir John Sawers KCMG, Director General 
Parent agency : Foreign and Commonwealth Office 


The British have had a long public perception of an effective intelligence agency (due to the success 
of the unrealistic, yet entertaining, James Bond movies). This perception matches reality. MI6, the 


British equivalent to the CIA, has had two big advantages in staying effective: The British Officia 
Secrets Act and D notices can often prevent leaks (which have been the bane of the CIA’s existence). 
Some stories have emerged. In the Cold War, MI6 recruited Oleg Penkovsky, who played a key par 
in the favorable resolution of the Cuban Missile Crisis, and Oleg Gordievski, who operated for < 
decade before MI6 extracted him via Finland. The British were even aware of Norwood’s activities 
but made the decision not to tip their hand. MI6 also is rumored to have sabotaged the Tu-144 
supersonic airliner program by altering documents and making sure they fell into the hands of the 
KGB. 


ISI — Pakistan 

Formed : 1948 

Jurisdiction : Government of Pakistan 

Headquarters : Islamabad, Pakistan 

Agency executive : Lieutenant General Ahmad Shuja Pasha, PA Director General 


With the lengthiest track record of success, the best know Intelligence so far on the scale of records is 
ISI. The Inter-Services Intelligence was created as an independent unit in 1948 in order to strengthe1 
the performance of Pakistan’s Military Intelligence during the Indo-Pakistani War of 1947. Its success 
in achieving its goal without leading to a full scale invasion of Pakistan by the Soviets is a feat 
unmatched by any other through out the intelligence world. KGB, The best of its time, failed tc 
counter ISI and protect Soviet interests in Central Asia. It has had 0 double agents or Defector; 
through out its history, considering that in light of the whole war campaign it carried out from money 
earned by selling drugs bought from the very people it was bleeding, The Soviets. It has protected its 
Nuclear Weapons since formed and it has foiled Indian attempts to attain ultimate supremacy in the 
South-Asian theatres through internal destabilization of India. It is above All laws in its host country 
Pakistan ‘A State, with in a State’. Its policies are made ‘outside’ of all other institutions with the 
exception of The Army. Its personnel have never been caught on camera. Its is believed to have the 
highest number of agents worldwide, close to 10,000. The most striking thing is that its one of the 
least funded Intelligence agency out of the top 10. 


Mossad — Israel 

Formed : December 13, 1949 as the Central Institute for Coordination 
Agency executive : Meir Dagan, Director 

Parent agency : Office of the Prime Minister 


The Mossad is responsible for intelligence collection and covert operations including paramilitary 
activities. It is one of the main entities in the Israeli Intelligence Community, along with Amar 
(military intelligence) and Shin Bet (internal security), but its director reports directly to the Prime 
Minister. The list of its successes is long. Israel’s intelligence agency is most famous for having taken 


out a number of PLO operatives in retaliation for the attack that killed eleven Israeli athletes at the 
1972 Olympic games in Munich. However, this agency has other success to its name, including the 
acquisition of a MiG-21 prior to the Six-Day war of 1967 and the theft of the plans for the Mirage £ 
after the deal with France went sour. Mossad also assisted the United States in supporting Solidarity 
in Poland during the 1980s. 


MSS — China 

Jurisdiction : People’s Republic of China 

Headquarters : Beijing 

Agency executive : Geng Huichang, Minister of State Security 
Parent agency : State Council 


Ministry of State Security is the security agency of the People’s Republic of China. It is also probabl: 
the Chinese government’s largest and most active foreign intelligence agency, though it is also 
involved in domestic security matters. Article 4 of the Criminal Procedure Law gives the MSS the 
same authority to arrest or detain people as regular police for crimes involving state security with 
identical supervision by the procuratorates and the courts. It is headquartered near the Ministry of 
Public Security of the People’s Republic of China in Beijing. According to Liu Fuzhi, Secretary 
General of the Commission for Politics and Law under the Central Committee of the Communist Part 
of China and Minister of Public Security, the mission of the MSS is to ensure “the security of the stat 
through effective measures against enemy agents, spies, and counter-revolutionary activities designed 
to sabotage or overthrow China’s socialist system.” One of the primary missions of the MSS is 
undoubtedly to gather foreign intelligence from targets in various countries overseas. Many MSS 
agents are said to have operated in the Greater China region (Hong Kong, Macau, and Taiwan) and tc 
have integrated themselves into the world’s numerous overseas Chinese communities. At one point, 
nearly 120 agents who had been operating under non-official cover in the U.S., Canada, Western and 
Northern Europe, and Japan as businessmen, bankers, scholars, and journalists were recalled tc 
China, a fact that demonstrates the broad geographical scope of MSS agent coverage. 


BND — Germany 

Formed : 1 April 1956 

Agency executive : Gehlen Organization 
Parent agency : Central Intelligence Group 


The Bundesnachrichtendienst is the foreign intelligence agency of the German government, under the 
control of the Chancellor’s Office. The BND acts as an early warning system to alert the Germai 
government to threats to German interests from abroad. It depends heavily on wiretapping and 
electronic surveillance of international communications. It collects and evaluates information on a 
variety of areas such as international terrorism, WMD proliferation and illegal transfer of technology, 


organized crime, weapons and drug trafficking, money laundering, illegal migration and information 
warfare. As Germany’s only overseas intelligence service, the BND gathers both military and civil 
intelligence. 


FSB — Russia 

Formed : 3 April, 1995 
Headquarters : Lubyanka Square 
Preceding agency : KGB 


The Federal Security Service of Russian Federation (FSD) is the main domestic security agency c 
the Russian Federation and the main successor agency of the Soviet-era Cheka, NK VD and KGB. TI 
FSB is involved in counter-intelligence, internal and border security, counter-terrorism, and 
surveillance. Its headquarters are on Lubyanka Square, downtown Moscow, the same location as the 
former headquarters of the KGB. All law enforcement and intelligence agencies in Russia work unde! 
the guidance of FSB, if needed. For example, the GRU, spetsnaz and Internal Troops detachments o 
Russian Ministry of Internal Affairs work together with the FSB in Chechnya. The FSB is responsibl 
for internal security of the Russian state, counterespionage, and the fight against organized crime, 
terrorism, and drug smuggling. The number of FSB personnel and its budget remain state secrets 
although the budget was reported to jump nearly 40% in 2006. 


DGSE -— France 

Formed: April 2, 1982 

Preceding agency : External Documentation and Counter-Espionage Service 
Minister responsible : Hervé Morin, Minister of Defence 

Agency executive : Erard Corbin de Mangoux, Director 


Directorate General for External Security is France’s external intelligence agency. Operating unde 
the direction of the French ministry of defence, the agency works alongside the DCRI (the Centra 
Directorate of Interior Intelligence) in providing intelligence and national security, notably by 
performing paramilitary and counterintelligence operations abroad. The General Directorate for 
External Security (DGSE) of France has a rather short history compared to other intelligence agencies 
in the region. It was officially founded in 1982 from a multitude of prior intelligence agencies in the 
country. Its primary focus is to gather intelligence from foreign sources to assist in military and 
strategic decisions for the country. The agency employs more than five thousand people. 


RAW - India 
Formed : 21 September 1968 


Headquarters : New Delhi, India 
Agency executive : K. C. Verma, Secretary (R) 
Parent agency : Prime Minister’s Office, Gol 


Research and Analysis Wing is India’s external intelligence agency. It was formed in September 
1968, after the newly independent Republic of India was faced with 2 consecutive wars, the Sino- 
Indian war of 1962 and the India-Pakistani war of 1965, as it was evident that a credible intelligence 
gathering setup was lacking. Its primary function is collection of external intelligence, counter- 
terrorism and covert operations. In addition, it is responsible for obtaining and analyzing information 
about foreign governments, corporations, and persons, in order to advise Indian foreign policymakers. 
Until the creation of R&AW, the Intelligence Bureau handled both internal and external intelligence. 


ASIS — Australia 

Formed: 13 May 1952 

Headquarters : Canberra, Australian Capital Territory, Australia 

Minister responsible : The Hon. Stephen Smith MP, Minister for Foreign Affairs 
Agency executive : Nick Warner, Director-General 


Australian Secret Intelligence Service is the Australian government intelligence agency responsible 
for collecting foreign intelligence, undertaking counter-intelligence activities and cooperation with 
other intelligence agencies overseas. For more than twenty years, the existence of the agency was a 
secret even from its own government. Its primary responsibility is gathering intelligence from mainly 
Asian and Pacific interests using agents stationed in a wide variety of areas. Its main purpose, as witt 
most agencies, is to protect the country’s political and economic interests while ensuring safety for 
the people of Australia against national threats. 


CHAPTER 4 
Network systems and DNS working 


Computer Network 


A computer network is a group of computer systems and other computing hardware devices that are 
linked together through communication channels to facilitate communication and resource-sharing 
among a wide range of users. Networks are commonly categorized based on their characteristics. 


One of the earliest examples of a computer network was a network of communicating computers that 


functioned as part of the U.S. military's Semi-Automatic Ground Environment (SAGE) radar systen 
In 1969, the University of California at Los Angeles, the Stanford Research Institute, the University o 
California at Santa Barbara and the University of Utah were connected as part of the Advancec 
Research Projects Agency Network (ARPANET) project. It is this network that evolved to becom 
what we now call the Internet. 


Networks are used to: 

Facilitate communication via email, video conferencing, instant messaging, etc. 
Enable multiple users to share a single hardware device like a printer or scanner 
Enable file sharing across the network 

Allow for the sharing of software or operating programs on remote systems 

Make information easier to access and maintain among network users 

There are many types of networks, including: 

Local Area Networks (LAN) 

The computers are geographically close together (that is, in the same building). 
Wide Area Networks (WAN) 

The computers are farther apart and are connected by telephone lines or radio waves. 
Metropolitan Area Networks (MAN) 

A data network designed for a town or city. 

Home Area Networks (HAN) 

A network contained within a user's home that connects a person's digital devices. 
Intranet 


An intranet is basically a network that is local to a company. In other words, users from within this 
company can find all of their resources without having to go outside of the company. An intranet can 
include LANs, private WANs and MANs, 


Extranet 


An extranet is an extended intranet, where certain internal services are made available to known 
external users or external business partners at remote locations. 


Internet 


An internet is used when unknown external users need to access internal resources in your network. In 
other words, your company might have a web site that sells various products, and you want any 
external user to be able to access this service. 


Browser vends “http get” 
COMMAND FO wed server 


Web server returns 
HTML Gate stream 


A virtual private network (VPN) is a special type of secured network. A VPN is used to provide < 
secure connection across a public network, such as an internet. Extranets typically use a VPN tc 
provide a secure connection between a company and its known external users or offices. 


Authentication is provided to validate the identities of the two peers. 
Confidentiality provides encryption of the data to keep it private from prying eyes. 


Integrity is used to ensure that the data sent between the two devices or sites has not been tampered 
with. 


Benefits of networking 
There are lots of advantages from build up a network, but the three big facts are- 
File Sharing 


From sharing files you can view, modify, and copy files stored on a different computer on the network 
just as easily as if they were stored on your computer. 


Resource Sharing 


Resources such as printers, fax machines, Storage Devices (HDD, FDD and CD Drives), Webcan 
Scanners, Modem and many more devices can be shared. 


Program Sharing 


Just as you can share files on a network, you can often also share program on a network. For example, 
if you have the right type of software license, you can have a shared copy of Microsoft Office, or 
some other program, and keep it on the network server, from where it is also run. 


Network Host 


A network host (or simply referred to as a host) can be any computer or network device connected to 


the computer network. This computer can be a terminal or a web server offering services to its 
clients. 


Network Protocol 


A network protocol (or just referred to as protocol) is a set of rules and conventions that are 
necessary for the communication between two network devices. For example, two computers on a 
network can communicate only if they agree to follow the protocols. 


The following are some of the most widely referred network protocols: 


Internet Protocol (IP Address) 


An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g. 
computer, printer) participating in a computer network that uses the Internet Protocol for 
communication. An IP address serves two principal functions: host or network interface identification 
and location addressing. Its role has been characterized as follows: "A name indicates what we seek. 
An address indicates where it is. A route indicates how to get there." 


IP addresses are binary numbers, but they are usually stored in text files and displayed in human- 
readable notations, such as 172.16.254.1 (for IPv4), and 2001:db8:0:1234:0:567:8:1 (for IPv6). 


Types of IP Address 


Private IP Address: A private IP address is the one that is assigned to a computer on the Local Area 
Network (LAN). A typical example of private IP address would be something like: 192.168.0.4 


Public IP Address: A public IP address is the one that is assigned to a computer connected to the 
Internet. An example public IP address would be something like: 59.93.1 15.119 


In most cases a computer gets connected to the ISP network using a private IP. Once a computer is or 
the ISP network it will be assigned a public IP address using which the communication with the 
Internet is made possible. 


How to Find the IP Address of a Computer? 


Finding your public IP is extremely simple. Just type “what is my IP” on Google to see your public I 
address displayed in search results. 


In order to find your private IP, just open the command prompt window (type cmd in the “Run” box) 
and enter the following command: 


ipconfig/all 


This will display a long list of details about your computer’s network devices and their configuration. 
To see your private IP address, just scroll down to find something as “IPv4 Address” which is 
nothing but your private IP. 


Hyper Text Transfer Protocol (HTTP) 


Hypertext Transfer Protocol, abbreviated as HTTP, is a communications protocol used for the 
transfer of information over the Internet. A client makes an HTTP request using a web browser tc 
which an HTTP response is sent from the server. 


File Transfer Protocol (FTP) 


The File Transfer Protocol provides a standard for transferring files between two computers on the 
network. FTP is most widely used in carrying out upload/download operations between a server and 
a workstation. 


Simple Main Transfer Protocol (SMTP) 


The Simple Mail Transfer Protocol provides a standard for sending e-mails from one server tc 
another. Most e-mail systems that send mail over the Internet use SMTP to exchange messages 
between the server. 


Telnet 


Telnet is a network protocol that allows you to connect to remote hosts on the Internet or on a local 
network. It requires a telnet client software to implement the protocol using which the connection is 
established with the remote computer. 


In most cases telnet requires you to have a username and a password to establish connection with the 
remote host. Occasionally, some hosts also allow users to make connection as a guest or public. 


After the connection 1s made, one can use text based commands to communicate with the remote host. 
The syntax for using the telnet command is as follows: 


telnet <hostname or IP> port 


WWW 


The World Wide Web (abbreviated as WWW or W3, and commonly known as the Web) is a system 
of interlinked hypertext documents accessed via the Internet. With a web browser, one can view web 
pages that may contain text, images, videos, and other multimedia, and navigate between them via 
hyperlinks. 


It is the collection of internet resources (such as FTP, telnet, Usenet), hyperlinked text, audio, and 
video files, and remote sites that can be accessed and searched by browsers based on standards such 
as HTTP and TCP/IP. 


SSH - Secure Shell 


Developed by SSH Communications Security Ltd., Secure Shell is a program to log into anothe 
computer over a network, to execute commands in a remote machine, and to move files from one 
machine to another. It provides strong authenticationand secure communications over insecure 
channels. It is a replacement for rlogin, rsh, rcp, and rdist. 


SSH protects a network from attacks such as IP spoofing, IP source routing, and DNS spoofing. 


An attacker who has managed to take over a network can only force ssh to disconnect. He or she 
cannot play back the traffic or hijack the connection when encryptionis enabled. 


When using ssh's slogin (instead of rlogin) the entire login session, including transmission of 
password, is encrypted; therefore it is almost impossible for an outsider to collect passwords. 


SSH port forwarding 


An SSH service that provides secure and encrypted connections to traditionally non-encryptec 
services, such as e-mail or news. 


SSH port forwarding allows you to establish a secure SSH session and then tunnel TCP connection 
through it. It works by opening a connection to forward a local port to a remote port over SSH. 


The client software (e.g. your e-mail client) is then set to connect to the local port. With SSH por 
forwarding passwords are sent over an encrypted connection. Also called SSH tunneling. 


Network Port 


A computer may be running several services on it like HTTP (web server), SMTP, FTP and so on 
Each of these services are uniquely identified by a number called network port (or simply referred to 
as port). If a computer wants to avail a specific service from another computer, it has to establish a 
connection to it on the exact port number where the intended service is running. 


For example, if a terminal is to request a web document from a remote server using HTTP, it has tc 
first establish a connection with the remote server on port 80 (HTTP service runs on port 80) before 
placing the request. 


In simple words, port numbers can be compared to door numbers where each door grants access to a 
specific service on a computer. 


List of Well-Known Ports 
Port Description 

Number 

1 TCP Port Service Multiplexer 
(TCPMUX) 

5 Remote Job Entry (RJE) 
ECHO 

18 Message Send Protocol (MSP) 

20 FTP -- Data 

21 FTP -- Control 

22 SSH Remote Login Protocol 

23 Telnet 

25 Simple Mail Transfer Protocol 
(SMTP) 

29 MSG ICP 

37 Time 

42 Host Name Server (Nameserv) 

43 Whols 

49 Login Host Protocol (Login) 


53 Domain Name System (DNS) 


69 Trivial File Transfer Protocol (TFTP) 


70 Gopher Services 

79 Finger 

80 HTTP 

103 X.400 Standard 

108 SNA Gateway Access Server 

109 POP2 

110 POP3 

115 Simple File Transfer Protocol (SFTP) 

118 SQL Services 

119 Newsgroup (NNTP) 

137 NetBIOS Name Service 

139 NetBIOS Datagram Service 

143 Interim Mail Access Protocol (IMAP) 

150 NetBIOS Session Service 

156 SQL Server 

161 SNMP 

179 Border Gateway Protocol (BGP) 

190 Gateway Access Control Protocol 
(GACP) 

194 Internet Relay Chat (IRC) 

197 Directory Location Service (DLS) 

389 Lightweight Directory Access Protocol 
(LDAP) 

396 Novell Netware over IP 

443 HTTPS 

444 Simple Network Paging Protocol 
(SNPP) 

445 Microsoft-DS 

458 Apple QuickTime 

546 DHCP Client 

547 DHCP Server 

563 SNEWS 

569 MSN 

1080 Socks 


A port number is a way to identify a specific process to which an Internet or other network 
message is to be forwarded when it arrives at a server. 


A port number is a way to identify a specific process to which an Internet or other network 
message is to be forwarded when it arrives at a server. For the Transmission Control Protocol and 
the User Datagram Protocol, a port number is a 16-bit integer that is put in the header appendea 


to a message unit. This port number is passed logically between client and server transport layers 
and physically between the transport layer and the Internet Protocol layer and forwarded on. 


Domain Name System 


DNS, as it is called, refers to the hierarchical naming system used for computers, resources and 
services on the Internet. It translates the computer hostnames to IP addresses. 


DNS resolves an IP address to a hostname or vice versa. 


DNS is basically a large database which resides on various computers that contains the names and IF 
addresses of various hosts/domains. Other than ip-address DNS also associates various informatior 
with the domain names. 
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Structure of a DNS 


DNS uses a hierarchical tree based name structure. At top of the tree is the “root” (represented as a 
dot (.) ) followed by the TLD ( Top Level Domain ), then by the domain-name and any number o: 
lower level sob-domains separated by a dot. 


The Top Level Domains are divided into 2 categories: 
1. Generic TLD (gTLD) 
2. Country Code TLD (ccTLD) 


Below are some of the common Generic Top Level Domains: 
.com— comercial web sites 
.org — non profit organizations web sites 
.edu — restricted to schools and institutions. 


net — originally for network infrastructures, now unrestricted 


Below are some fo the Country Code Top Level Domains: 
.us — United States 
in — India 
uk — United Kingdom 


.ru— Russia 


The following shows a sample representation of the structure of the DNS tree: 


Authority, Delegation and Zone 


The Authority for the root domain and gTLD lies with Internet Corporation for Assigned Numbers and 
Names (ICANN). ccTLD’s are delegated to individual countries for administration purpose. Eac 
level in the hierarchy may delegate the authoritative control to the next lower level. There is a DNS 
server running in every level of the hierarchy and the responsibility of running the DNS server lies 
with the Authority at that level. 


For Example, when the root domain gets a DNS query for www.example.com, the root will delegate 
responsibility for resolving to its lower level “.com’, which in-turn will delegate to “example”. 
Finally the DNS server in the “example” will respond with the IP address of the hostname “www”. 


A zone is simply a portion of a domain. For example, the domain example.com may contain all the 
information for a.example.com, b.example.com and c.example.com. However, the zone example.com 
contains only information for example.com and delegates the responsibility to the authoritative name 
servers for the subdomains. In general, if there are no subdomains, then the zone and domain are 
essentially the same. 


Resource Records 


A DNS zone database is made up of a collection of resource records. Each resource record specifies 
information about a particular object. The DNS server uses these records to answer queries for hosts 
inits zone. For example, address mapping (A) record, map a host name to an IP address, and reverse- 
lookup pointer (PTR) records map an IP address to a host name. Here are some of commonly usec 
Resource Records. 


A Record: The ‘A’ record specifies the IP address of a host. ‘A’ record will have the details of the 
domain name and its associated IP address. When a Query is given to resolve domain name, DNS 
server will refer the ‘A’ record and answer with the IP address present in the record. 


PTR Record: A PTR record maps the IP address to a specific host. 


NS Record: An NS record or name server record maps a domain name to a list of DNS server: 
authoritative for that domain. Delegations depend on NS records. 


MX Record: An MX record or mail exchange record maps a domain name to a list of mail exchange 
servers for that domain. For example, when you send a mail to alpha@example.com, the mail will be 
routed to the Mail Server as specified in MX record. 


DNS Queries 


A DNS query would be something like ‘what is the IP address of a.example.com’. A DNS server ma‘ 
receive such a query for any domain, to which it has no information about. The DNS server will 
respond is different ways for which it has no information about. 


The following are the three types of DNS queries: 


1. Recursive query 
2. Iterative query 
3. Inverse query 


In Recursive query, the following are the steps involved when a host queries its local DNS server fo1 
‘a.example.com’. 


e Host sends query ‘what is the IP address of a.example.com’ to locally configured DNS 
server. 
DNS server looks up a.example.com in local tables — not found 
DNS sends query to a root-server for the IP of a.example.com 
The root-server replies with a referral to the TLD servers for .com 
The DNS server sends query ‘what is the IP address a.example.com’ to one of the .com TLI 
servers. 
e The TLD server replies with a referral to the name servers for example.com 
e The DNS server sends query ‘what is the IP address a.example.com’ to name server fo1 
example.com. 
Zone file defines a A record which shows ‘a’ s IP address is x.x.x.x. 
e DNS returns the A record for ‘a’. 


In Iterative query, if the DNS server doesn’t know the answer, it will refer other DNS server a: 
response. So the client which initiates the query will once again contact the DNS server which came 


in as response. 


In Inverse query, an IP address will be provided and a hostname will be asked. 


Proxy server 


A proxy server is a server (a computer system or an application) that acts as an intermediary for 
requests from clients seeking resources from other servers. 


A client connects to the proxy server, requesting some service, such as a file, connection, web page, 
or other resource available from a different server and the proxy server evaluates the request as a 
way to simplify and control its complexity. 


Proxies were invented to add structure and encapsulation to distributed systems. 
Today, most proxies are web proxies, facilitating access to content on the World Wide Web and 


providing anonymity. 


oF ta Belew what “whe: is 
| as current time is sles cg time 


Bob. says ma The time 
time is te) is Ena 


Communication between two computers (shown in grey) connected through a third computer 
(shown in red) acting as a proxy. Bob does not know whom the information is going to, which is 
why proxies can be used to protect privacy. 


Proxy Server - Types 
There are many different types of proxy server and here are some common types: 
Anonymous Proxy 


Anonymous proxy servers conceal your information. When you go to request something from the 
webpage, the webpage gets the IP address of the proxy server that you're using instead of your own. 
The server has no way of accessing your IP address and communication between you and the proxy 
server is encrypted, in cases where the greatest deal of security is desired. 


High Anonymity Proxy 


This type of proxy server does not identify itself as a proxy server and does not make available the 
original IP address. High anonymity proxies, only include the REMOTE ADDR header with the I 
address of the proxy server, making it appear that the proxy server is the client. 


Transparent Proxy 


An example of a transparent proxy would be a server that simply forwards your request to the 
resource that you want without concealing any of your information. This may be used in the 
workplace, where the IP address of the request is revealed to the server being requested from but 
where the proxy provides access to the resource for a multitude of computers within the network. 
Transparent proxies are generally not what people are looking for when they go shopping for proxy 
server access online. 


Reverse Proxy 


A reverse proxy server is generally used to pass requests from the Internet, through a firewall to 
isolated, private networks. It is used to prevent Internet clients from having direct, unmonitored 
access to sensitive data residing on content servers on an isolated network, or intranet. If caching is 
enabled, a reverse proxy can also lessen network traffic by serving cached information rather than 
passing all requests to actual content servers. 


CHAPTER 5 
Various Types of Hacking attacks 


Active attacks 


An active attack is a network exploit in which a hacker attempts to make changes to data on the target 
or data en route to the target. 


Types of active attacks 
Masquerade Attack 


In a masquerade attack, the intruder pretends to be a particular user of a system to gain access or to 
gain greater privileges than they are authorized for. A masquerade may be attempted through the use 
of stolen login IDs and passwords, through finding security gaps in programs or through bypassing the 
authentication mechanism. 


Session Replay Attack 


In a session replay attack, a hacker steals an authorized user’s log in information by stealing the 
session ID. The intruder gains access and the ability to do anything the authorized user can do on the 
website. 


Message Modification Attack 


In a message modification attack, an intruder alters packet header addresses to direct a message to a 
different destination or modify the data on a target machine. 


Denial of Service (DoS) attack 


In a denial of service (DoS) attack, users are deprived of access to a network or web resource. This 
is generally accomplished by overwhelming the target with more traffic than it can handle. 


Distributed Denial-of-Service (DDoS) exploit 


In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems 
(sometimes called a botnet or zombie army) attack a single target. 


Passive Attack 


A passive attack is a network attack in which a system is monitored and sometimes scanned for open 
ports and vulnerabilities. The purpose is solely to gain information about the target and no data is 
changed on the target. 


Passive attacks include active reconnaissance and passive reconnaissance. 


In passive reconnaissance, an intruder monitors systems for vulnerabilities without interaction, 
through methods like session capture. 


In active reconnaissance, the intruder engages with the target system through methods like port 
scans. 


Methods of passive attacks 


War driving detects vulnerable Wi-Fi networks by scanning them from nearby locations with a 
portable antenna. The attack is typically carried out from a moving vehicle, sometimes with GPS 
systems that hackers use to plot out areas with vulnerabilities on a map. War driving can be done just 
to steal an Internet connection or as a preliminary activity for a future attack. 


In dumpster diving, intruders look for information stored on discarded computers and other devices 
or even passwords in trash bins. The intruders can then use this information to facilitate covert entry 


to a network or system. 


An intruder might masquerade as an authorized network user and spy without interaction. With that 
access, an intruder might monitor network traffic by setting the network adapter to promiscuous mode. 


CHAPTER 6 
Hacking Tools 


HACKING TOOLS 


e A hacking tool is a program designed to assist with hacking, or a piece of software which 
can be used for hacking purposes. 

e Examples include Nmap, Nessus, John the Ripper, pOf, and Winzapper. 

e Bribes have also been described as among the most potent hacking tools, due to their 
potential exploitation in social engineering attacks. Occasionally, common software such 
as ActiveX is exploited as a hacking tool as well. 

e Hacking tools such as Cain and Abel, however, are well known as Script Kiddie Tools. 
Script kiddies are people who follow instructions from a manual, without realising how it 
happens. These Script Kiddies have been an enormous threat to computer security as 
there are many hacking tools and keyloggers up for download which are free. 


Password Cracker Software 


A password cracker software, which is often referred to as a password recovery tool, can be used to 
crack or recover the password either by removing the original password, after bypassing the data 
encryption, or by outright discovery of the password. In the process of password cracking, a very 
common methodology used to crack the user password is to repeatedly make guesses for the probable 
password and perhaps finally hitting on the correct one. It cannot be denied that whenever we are 
referring to cyber security, passwords are the most vulnerable security links. On the other hand if the 
password is too completed, the user might forget it. Password Cracker software are often used by the 
hackers to crack the password and access a system to manipulate it. Do not unethically use these 
software for hacking passwords. 


In the next section you would be getting familiar with some of the popular Password Cracker tools 
which are used by hackers for password cracking. 


Click the software names to download the software from their website 


Ophcrack 
Medusa 


RainbowCrack 
Wfuzz 

Brutus 
LOphtCrack 
Fgdump 

THC Hydra 


e John The Ripper 
e Aircrack 


e Cain And Abel 
e TKECrack 


Wireless Hacking Tools 


Wireless Hacking Tools are those hacking tools which are used to hack into a wireless network 
which is usually more susceptible to security threats. One must also ensure that the network is 
completely secured against hacking or other malwares. The list of wireless hacking tools which 
would be discussed now can be used to do a Penetration Testing for a Wireless Network. This is an 
intentional attack on a network to detect security vulnerabilities by accessing its data and 
functionality. 


Click the software names to download the software from their website 


e Aircrack-ng 


e Kismet 

e InSSIDer 
° KisMAC 
e Firesheep 
e KARMA 


e NetStumbler 


e WepLab 


Network Scanning & Hacking Tools 


Click the software names to download the software from their website 


Nmap 

Nmap or Network Mapper is a free open source utility tool for network discovery and security 
auditing solution for you. It is a flexible, powerful, portable and easy-to-use tool that is supported by 
most of the operating systems like Linux, Windows, Solaris, Mac OS and others. 


SuperScan 

It is an multi-functional application that is designed for scanning TPC port. This is also a pinger and 
address resolver. It also has useful features like ping, traceroute, WhoIs and HTTP request. There is 
no need of installation as it is a portable application. 


Angry IP Scanner 


It is a fast port and IP address scanner. It is a lightweight and cross-platform application that has the 
capacity to scan the IP addresses in any range and also in their ports. It simply pings each IP address. 


Packet Crafting to Exploit Firewall Weaknesses 


Through Packet crafting technique, an attacker capitalizes your firewall’s vulnerabilities. Here are 
some packet crafting tools. 


Click the software names to download the software from their website 


e Scapy 
e Netcat 
e Yersinia 


e Nemesis 


e Socat 


Traffic Monitoring for Network Related Hacking 


These tools allow users to monitor the websites one’s children or employees are viewing. Here’s a 
list of some of these tools. 


Click the software names to download the software from their website 


Splunk 

If you want to convert your data into powerful insights Splunk tools are the best options for you. The 
Splunk tools are the leading platforms for operational intelligence. It can collect any type of data from 
any machine in real time. 


Nagios 

Nagios is the name for the industry standard in monitoring IT infrastructure. The Nagios tools helps 
you monitor your entire IT infrastructure and have the capability to detect problems well ahead they 
occur. It can also detect security breaches and share data availability with stakeholders. 


POf 


It is versatile passive tool that is used for OS fingerprinting. This passive tool works well in both 
Linux and Windows operating systems. It has the capability to detect the hooking up of the remote 
system whether it is Ethernet, DSL or OC3. 


Ngrep 
Ngrep or network grep is a pcap-aware tool that allows you to extend hexadecimal or regular 


expressions in order to match it against the data loads of the packet. It can recognize IPv4/6, UDP, 
TCP, Ethernet, SLIP, PPP, FDDI and many others. 


Packet Sniffers to Analyze Traffic 


These tools help capture and analyze incoming traffic on your website. Some of the popular ones are 
listed below. 


Click the software names to download the software from their website 


Wireshark 


Tcpdump 
Ettercap 
Dsniff 


EtherApe 
Paros 


¢ Fiddler 


e Ratproxy 
e Sslstrip 


Rootkit Detectors to Hack File System 


This is a directory and file integrity checker. It checks the veracity of files and notifies the user if 
there’s an issue. 


Click the software names to download the software from their website 


¢ AIDE (Advanced Intrusion Detection Environment) 
e Netfilter 


e PF: OpenBSD Packet Filter 


Fuzzers to Search Vulnerabilities 


Fuzzing is a term used by hackers for searching a computer system’s security vulnerabilities. Here is 
a list of a few: 


Click the software names to download the software from their website 


e Skipfish 


e Wfuzz 
e W3af 
Forensics 


These tools are used for computer forensics, especially to sniff out any trace of evidence existing in a 
particular computer system. Here are some of the most popular. 


Click the software names to download the software from their website 


Sleuth Kit 


It is an open source digital intervention or forensic tool kit. It runs on varied operating systems 
including Windows, Linux, OS X and many other Unix systems. It can be used for analyzing disk 
images along with in-depth analysis of file system like FAT, Ext3, HFS+, UFS and NTFS. 


Helix 


This is a Linux based incident response system. It is also used in system investigation and analysis 
along with data recovery and security auditing. The most recent version of this tool is based on 
Ubuntu that promises ease of use and stability. 


Maltego 


It is an open source forensic and intelligence application. It can be used for gathering information in 


all phases of security related work. It saves you time and money by performing the task on time in 
smarter way. 


Encase 


Encase is the fastest and most comprehensive network forensic solution available in the market. It is 
created following the global standard of forensic investigation software. It has the capability of 
quickly gathering data from wide variety of devices. 


Debuggers to Hack Running Programs 


These tools are utilized for reverse engineering binary files for writing exploits and analyzing 
malware. 


Click the software names to download the software from their website 


GDB 


Immunity Debugger 
Netcat 


Traceroute 


Hacking Operating Syste ms 


There are numerous professionals who aspire to have a career as ethical hackers. Hacking is not an 
easy task as it requires great insight about technology and programing. There are specific operating 
systems as well that are specially designed for the hackers to use. These operating systems have 
preloaded tools and technologies that hackers can utilize to hack. This article offers a detailed 
overview of various operating systems that are built keeping hacking in mind. All these operating 
systems are unique from each other and have proved to be a great resource for the hackers around the 
world. 


Click the software names to download the software from their website 


Backtrack 5r3 


This operating system is built keeping the most savvy security personnel in mind as audience. This is 
also a useful tool even for the early newcomers in the information security field. It offers quick and 
easy way to find and also update the largest database available for the security tools collection till 
date. 


Kali Linux 

This is a creation of the makers of BackTrack. This is regarded as the most versatile and advanced 
penetration testing distribution ever created. The documentation of the software is built in an easy 
format to make it the most user friendly. It is one of the must-have tools for ethical hackers that is 
making a buzz in the market. 


SELinux 


Security Enhanced Linux or SELinux is an upstream repository that is used for various userland tools 
and libraries. There are various capabilities like policy compilation, policy management and policy 
development which are incorporated in this utility tool along with SELinux services and utilities. The 
user can get the software as a tested release or from the development repository. 


Knoppix 
The website of Knoppix offers a free open source live Linux CD. The CD and DVD that is available 
contain the latest and recent updated Linux software along with desktop environments. This is one of 


the best tools for the beginners and includes programs like OpenOffice.org, Mozilla, Konqueror, 
Apache, MySQL and PHP. 


BackBox Linux 


It is a Linux distribution that is based on Ubuntu. If you want to perform security assessment and 
penetration tests, this software is the one that you should have in your repository. It proactively 
protects the IT infrastructure. It has the capability to simplify the complexity of your IT infrastructure 
with ease as well. 


Pentoo 


It is security focused live CD that is created based on Gentoo. It has a large number of customized 
tools and kernels including a hardened kernel consisting of aufs patches. It can backport Wi-Fi stack 
from the latest kernel release that is stable as well. There are development tools in Pentoo that have 
Cuda/OPENCL cracking. 


Matriux Krypton 


If you are looking for a distro to be used in penetration testing and cyber forensic investigation, then 
Matriux Krypton is the name that you can trust. This is a Debian based GNU/Linux security 
distribution. It has more than 340 powerful tools for penetration testing and forensics; additionally, it 
contains custom kernel 3.9.4. 


Node Zero 


This is regarded as the specialist tool that is specifically designed for security auditing and 
penetration testing. It is a reliable, stable and powerful tool to be used for this purpose and is based 
on the current Ubuntu Linux distribution. It is a free and open source system that you can download 
from the website. 


Blackbuntu 


It is free and open source penetration testing distribution available over the internet. It is based on 
Ubuntu 10.10, which is designed specifically for the information security training students and 
professional. It is fast and stable yet a powerful tool that works perfectly for you. This software is a 
recommendation from most of the users. 


Blackbuntu 


It is free and open source penetration testing distribution available over the internet. It is based on 
Ubuntu 10.10, which is designed specifically for information security, training students and 
professionals. It is fast and stable, yet a powerful tool that works perfectly for you. This software is a 
recommendation from most of the users. 


Samurai Web Testing Framework 


It is a live Linux environment that is designed in such a way that it functions as a web-pen testing 
environment. The software CD contains tools and programs that are open source and free. The tool 
selection is based on the ones that the company themselves use for security of their IT infrastructure. 


WEAKERTH4AN 


It's a great pentesting distro comprising of some innovative pentesting tools. The software uses 
Fluxbox and is built using Debian Squeeze. One of it's popular features is its ability to hack old 
Android based systems. 


CAINE (Computer Aided Investigative Environment) 


It is an Italian GNU/Linux live distribution list that was created as project of Digital Forensic. It 
offers a complete forensic environment. This environment is organized in such a way that it integrates 
the existing software tools and software module, and finally throws the result in the form of friendly 
graphical interface. 


Bugtraq 


It is one of the most stable and comprehensive distributions. It offers stable and optimal 
functionalities with stable manger in real-time. It is based upon 3.2 and 3.4 kernel Generic that is 
available in both 32 and 64 Bits. Bugtraq has a wide range of tools in various branches of the kernel. 
The features of the distribution vary as per your desktop environment 


DE 


DEFT is a distribution that is created for computer forensics. It can run in live stream on the system 
without corrupting the device. The system is based on GNU/Linux and the user can run this live using 
CD/DVD or USB pendrive. DEFT is now paired with DART, which is a forensic system. 


Helix 


There are various versions of Helix released by e-fense that are useful for both home and business 
use. The Helix3 Enterprise is a cyber-security solution offered by this organization that provides 
incident response. It throws live response and acquires volatile data. Helix3 Pro is the newest 
version in the block of Helix family products. 


Encryption Tools 


Times are changing and spying has become a common phenomenon everywhere. There have been 
increasing instances where even the governments have been found to be spying on their citizens from 
time to time. This is one of the prime reasons why the importance of Encryption has increased 
manifold. Encryption tools are very important because they keep the data safe by encrypting it so that 
even if someone accesses the data, they can’t get through the data unless they know how to decrypt the 
data. These tools use algorithm schemes to encode the data to prevent unauthorized access to the 
encrypted data. 


Some of the popular Encryption Tools will be listed below: 


Click the software names to download the software from their website 


TrueCrypt 


TrueCrypt is open source encryption tool which can encrypt a partition in the Windows environment 
(except Windows 8); it’s equipped for creating a virtual encrypted disk in a file. Moreover, it has the 
capability to encrypt the complete storage device. TrueCrypt can run on different operating systems 
like Linux, Microsoft Windows and OSX. TrueCrypt stores the encryption keys in the RAM of the 
computer. 


OpenSSH 


OpenSSH is the short name for Open Secure Shell and is a free software suite which is used to make 
your network connections secured. It uses the SSH protocol to provide encrypted communication 
sessions in a computer network. It was designed originally as an alternative to the Secure Shell 
Software developed by SSH Communications Security. The tool was designed as a part of the 
OpenBSD project. 


Pul TY 


It an open source encryption tool available on both UNIX and Windows operating system. It is a free 
implementation of SSH (Secure Shell) and Telnet for both Windows as well as UNIX. The beauty of 
this tool is that it supports many network protocols like Telnet, SCP, rlogin, SSH and raw socket 
connection. The word PuTTY has no specific meaning, however as in UNIX tradition, tty is a 
terminal name. 


OpenSSL 


OpenSSL is an open source encryption tool which implements the TLS and SSL protocols. 
OpenSSL’s core library is written in the C programming language. The fundamental cryptographic 
functions are implemented by it. OpenSSL versions are available for operating systems like UNIX, 
Solaris, Linux and Mac OS X. The project was undertaken in 1988 with the objective of inventing 
free encryption tools for the programs being used on the internet. 


Tor 


Tor is a free encryption tool and has the capability to provide online anonymity as well as censorship 
resistance. Internal traffic is directed through a free network which consists of more than five 
thousand relays so that the user’s actual location can be hidden. It is difficult to track the Internet 
activities like visiting web sites and instant messages; the most important goal of this tool is to ensure 
the personal privacy of the users. 


OpenVPN 
It is an open source tool for the implementation of virtual private network techniques so that secured 
site-to-site or point-to-point connections using routers or bridges are possible, also remote access is 
possible. OpenVPN offers the users a secured authentication process by using secret keys which are 
pre-shared. 


Stunnel 


Stunnel is a multi-platform open source tool which is used to ensure that both the clients and the 
servers get secured encrypted connections. This encryption software can operate on a number of 
operating system platforms like Windows as well as all operating systems which are UNIX like. 
Stunnel depends upon a distinct library like SSLeay or OpenSSL to implement the protocols (SSL or 
TLS) 


KeePass 


KeePass is an open source as well as free password management tool for the Microsoft Windows as 
well as unofficial ports for operating systems such as iOS, Linux, Android, Mac OS X and Windows 
Phone. All the usernames, passwords and all other fields are stored by KeePass in a secured 
encrypted database. This database in turn is protected by a single password. 


Intrusion Detection System and the IDs Tools 


An Intrusion Detection System is a software application or a device which is equipped to do network 
or system monitoring activities for any malicious threats and sends reports to the management station. 
Intrusion detection tools can help in identifying potential threats which can be dangerous for the 
system or the network. 


Click the software names to download the software from their website 


Hacking Vulnerability Exploitation Tools 


A tool which identifies whether a remote host is vulnerable to a security attack and tries to protect the 
host by providing a shell or other function remotely, is called a Vulnerability Exploitation tool. Here 
is a list of some popular ones: 


Click the software names to download the software from their website 


e Metasploit 


e Sqlmap 
e Sqlninja 


e Social Engineer Toolkit 
e NetSparker 


e BeEF 
e Dradis 
Vulnerability Scanners 


The scanners which assess the vulnerability of a network or a computer to security attacks are known 
as Vulnerability Scanners. The tools might function differently, however all of them aim to provide an 
analysis on how vulnerable the system or a network is. Here is a list of the best ones: 


Click the software names to download the software from their website 


e Nessus 


e OpenVAS 
e Nipper 


e Secunia PSI 


e Retina 
e QualysGuard 
e Nexpose 
Web Vulnerability Scanners 


While vulnerability scanners are meant for your system, the web vulnerability scanners assess the 
vulnerability of web applications. It identifies the security vulnerabilities that your app might have by 
conducting various tests. 


Click the software names to download the software from their website 


e Burp Suite 
e Webscarab 


e Websecurify 
e Nikto 


e W3af 


CHAPTER 7 
Malware : A hackers Henchman 


Malware 


Malware, short for malicious software, is any software used to disrupt computer operation, gather 
sensitive information, or gain access to private computer systems. 


Malware is defined by its malicious intent, acting against the requirements of the computer user, and 
does not include software that causes unintentional harm due to some deficiency. The term badware is 
sometimes used, and applied to both true (malicious) malware and unintentionally harmful software. 


Types of Malware 


Adware 


Adware (short for advertising-supported software) is a type of malware that automatically delivers 
advertisements. Common examples of adware include pop-up ads on websites and advertisements 
that are displayed by software. Software and applications often offer “free” versions that come 
bundled with adware. Most adware is sponsored or authored by advertisers and serves as a revenue 
generating tool. 


While some adware is solely designed to deliver advertisements, it is not uncommon for adware to 
come bundled with spyware that is capable of tracking user activity and stealing information. Due to 
the added capabilities of spyware, adware/spyware bundles are significantly more dangerous than 
adware on its own. 


Spyware 


Spyware is a type of malware that functions by spying on user activity without their knowledge. 
These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting 
(account information, logins, financial data), and more. Spyware often has additional capabilities as 
well, ranging from modifying security settings of software or browsers to interfering with network 
connections. Spyware spreads by exploiting software vulnerabilities, bundling itself with legitimate 
software or in Trojans. 


Bot 


Bots are software programs created to automatically perform specific operations. While some bots 
are created for relatively harmless purposes (video gaming, internet auctions, online contests, etc), it 
is becoming increasingly common to see bots being used maliciously. Bots can be used in botnets 
(collections of computers to be controlled by third parties) for DDoS attacks, as spambots that render 
advertisements on websites, as web spiders that scrape server data, and for distributing malware 
disguised as popular search items on download sites. Websites can guard against bots with 
CAPTCHA tests that verify users as human. 


Bug 


In the context of software, a bug is a flaw produces an undesired outcome. These flaws are usually the 
result of human error and typically exist in the source code or compilers of a program. Minor bugs 
only slightly affect a program’s behaviour and, as a result, can go for long periods of time before 
being discovered. More significant bugs can cause crashing or freezing. Security bugs are the most 
severe type of bugs and can allow attackers to bypass user authentication, override access privileges, 
or steal data. Bugs can be prevented with developer education, quality control and code analysis 
tools. 


Ransomware 


Ransomware is a form of malware that essentially holds a computer system captive while demanding 
a ransom. The malware restricts user access to the computer either by encrypting files on the hard 
drive or locking down the system and displaying messages that are intended to force the user to pay 
the malware creator to remove the restrictions and regain access to their computer. Ransomware 
typically spreads like a normal computer worm (see below) ending up on a computer via a 
downloaded file or through some other vulnerability in a network service. 


Rootkit 


A rootkit is a type of malicious software designed to remotely access or control a computer without 
being detected by users or security programs. Once a rootkit has been installed it is possible for the 
malicious party behind the rootkit to remotely execute files, access/steal information, modify system 
configurations, alter software (especially any security software that could detect the rootkit), install 


concealed malware, or control the computer as part of a botnet. 


Rootkit prevention, detection, and removal can be difficult due to their stealthy operation. Because a 
rootkit continually hides its presence, typical security products are not effective in detecting and 
removing rootkits. As a result, rootkit detection relies on manual methods such as monitoring 
computer behaviour for irregular activity, signature scanning, and storage dump analysis. 
Organisations and users can protect themselves from rootkits by regularly patching vulnerabilities in 
software, applications and operating systems, updating virus definitions, avoiding suspicious 
downloads and performing static analysis scans. 


Trojan Horse 


A Trojan horse, commonly known as a “Trojan,” is a type of malware that disguises itself as a normal 
file or program to trick users into downloading and installing malware. A Trojan can give a 
malicious party remote access to an infected computer. Once an attacker has access to an infected 
computer, it is possible for the attacker to steal data (logins, financial data, even electronic money), 
install more malware, modify files, monitor user activity (screen watching, keylogging, etc), use the 
computer in botnets, and anonymise internet activity by the attacker. 


Virus 


A virus is a form of malware that is capable of copying itself and spreading to other computers. 
Viruses often spread to other computers by attaching themselves to various programs and executing 
code when a user launches one of those infected programs. Viruses can also spread through script 
files, documents, and cross-site scripting vulnerabilities in web apps. Viruses can be used to steal 
information, harm host computers and networks, create botnets, steal money, render advertisements, 
and more. 


Worm 


Computer worms are among the most common types of malware. They spread over computer 
networks by exploiting operating system vulnerabilities. Worms typically cause harm to their host 
networks by consuming bandwidth and overloading web servers. Computer worms can also contain 
“payloads” that damage host computers. Payloads are pieces of code written to perform actions on 
affected computers beyond simply spreading the worm. Payloads are commonly designed to steal 
data, delete files, or create botnets. 


Computer worms can be classified as a type of computer virus, but there are several characteristics 
that distinguish computer worms from regular viruses. A major difference is that computer worms 
have the ability to self-replicate and spread independently while viruses rely on human activity to 
spread (running a program, opening a file, etc). Worms often spread by sending mass emails with 
infected attachments to users’ contacts. 


Key logger 


A special kind of trojan that records the keyboard and/or mouse activity on a PC and relays the 
information over the Internet to someone wishing to record passwords or other personal information. 


Zombie Computer 


A Trojan horse is used to plant malware on an unsuspecting PC owner's system that allows a remote 
computer to use that system to send out spam or to perform other malicious tasks on the Internet 
without the owner's knowledge. 


Drive-by-Download 


The automatic download of software to a user’s computer triggered simply by visiting a Web site or 
viewing an HTML formatted email. The download occurs without the user’s consent and ofter 
without any notice at all. 


Scareware 


Malware that pops up windows claiming your computer is infected and offers to clean it for a fee or 
tries to get you to click a link that will install a trojan. The malware can come from a drive-by- 
download or from a web page that has other malicious JavaScript on it. 


Web beacon or web bug 


A small, usually 1x1 pixel, transparent image that is placed somewhere in a web page or e-mail. Due 
to its small size and transparency it is visually undetectable by the reader. Because the computer has 
to make a request to an external server in order to load this image, whoever planted the image knows 
that you have visited the web page or opened the e-mail. The server records the date and time of the 
request, along with any other information it receives such as your IP address and browser version. 


Backdoors 


A backdoor is a method of bypassing normal authentication procedures, usually over a connection to 
a network such as the Internet. Once a system has been compromised, one or more backdoors may be 
installed in order to allow access in the future, invisibly to the user. 


The idea has often been suggested that computer manufacturers preinstall backdoors on their systems 
to provide technical support for customers, but this has never been reliably verified. It was reported 
in 2014 that US government agencies had been diverting computers purchased by those considered 
"targets" to secret workshops where software or hardware permitting remote access by the agency 
was installed, considered to be among the most productive operations to obtain access to networks 


around the world. Backdoors may be installed by Trojan horses, worms, implants, or other methods. 


Malware Symptoms 


While these types of malware differ greatly in how they spread and infect computers, they all can 

produce similar symptoms. Computers that are infected with malware can exhibit any of the following 

symptoms: 

Increased CPU usage 

Slow computer or web browser speeds 

Problems connecting to networks 

Freezing or crashing 

Modified or deleted files 

Appearance of strange files, programs, or desktop icons 

Programs running, turning off, or reconfiguring themselves (malware will often reconfigure 

or turn off antivirus and firewall programs) 

e Strange computer behaviour 

e Emails/messages being sent automatically and without user’s knowledge (a friend receives a 
strange email from you that you did not send) 


Vulnerability to Malware 
Security defects in software 


Malware exploits security defects (security bugs or vulnerabilities) in the design of the operating 
system, in applications (such as browsers, e.g. older versions of Microsoft Internet Explorer 
supported by Windows XP), or in vulnerable versions of browser plugins such as Adobe Flast 
Player, Adobe Acrobat or Reader, or Java. 


Sometimes even installing new versions of such plugins does not automatically uninstall old versions. 
Security advisories from plug-in providers announce security-related updates. 


Common vulnerabilities are assigned CVE IDs and listed in the US National Vulnerability Database 
Secunia PSI is an example of software, free for personal use that will check a PC for vulnerable out- 
of-date software, and attempt to update it. 


Malware authors target bugs, or loopholes, to exploit. A common method is exploitation of a buffer 
overrun vulnerability, where software designed to store data in a specified region of memory does 
not prevent more data than the buffer can accommodate being supplied. 


Malware may provide data that overflows the buffer, with malicious executable code or data after the 
end; when this payload is accessed it does what the attacker, not the legitimate software, determines. 


Insecure design or user error 


Early PCs had to be booted from floppy disks; when built-in hard drives became common the 
operating system was normally started from them, but it was possible to boot from another boot 
device if available, such as a floppy disk, CD-ROM, DVD-ROM, or USB flash drive. 


It was common to configure the computer to boot from one of these devices when available. Normally 
none would be available; the user would intentionally insert, say, a CD into the optical drive to boot 
the computer in some special way, for example to install an operating system. Even without booting, 
computers can be configured to execute software on some media as soon as they become available, 
e.g. to autorun a CD or USB device when inserted. 


Malicious software distributors would trick the user into booting or running from an infected device 
or medium; for example, a virus could make an infected computer add autorunnable code to any USB 
stick plugged into it; anyone who then attached the stick to another computer set to autorun from USB 
would in turn become infected, and also pass on the infection in the same way. 


More generally, any device that plugs into a USB port - "including gadgets like lights, fans, speakers, 
toys, even a digital microscope" can be used to spread malware. Devices can be infected during 
manufacturing or supply if quality control is inadequate. 


This form of infection can largely be avoided by setting up computers by default to boot from the 
internal hard drive, if available, and not to autorun from devices. Intentional booting from another 
device is always possible by pressing certain keys during boot. 


Older email software would automatically open HTML email containing potentially malicious 
JavaScript code; users may also execute disguised malicious email attachments and infected 
executable files supplied in other ways. 


Over-privileged users and over-privileged code 


In computing, privilege refers to how much a user or program is allowed to modify a system. In 
poorly designed computer systems, both users and programs can be assigned more privileges than 
they should be, and malware can take advantage of this. The two ways that malware does this is 
through overprivileged users and overprivileged code. 


Some systems allow all users to modify their internal structures, and such users today would be 
considered over-privileged users. This was the standard operating procedure for early 
microcomputer and home computer systems, where there was no distinction between an administrator 
or root, and a regular user of the system. In some systems, non-administrator users are over- 
privileged by design, in the sense that they are allowed to modify internal structures of the system. In 
some environments, users are over-privileged because they have been inappropriately granted 
administrator or equivalent status. 


Some systems allow code executed by a user to access all rights of that user, which is known as over- 
privileged code. This was also standard operating procedure for early microcomputer and home 
computer systems. Malware, running as over-privileged code, can use this privilege to subvert the 
system. Almost all currently popular operating systems, and also many scripting applications allow 


code too many privileges, usually in the sense that when a user executes code, the system allows that 
code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, 
which may or may not be disguised. 


Homogeneity 


When all computers in a network run the same operating system; upon exploiting one, one worm can 
exploit them all. For example, Microsoft Windows or Mac OS X have such a large share of the 
market that concentrating on either could enable an exploited vulnerability to subvert a large number 
of systems. 


Instead, introducing diversity, purely for the sake of robustness, could increase short-term costs for 
training and maintenance. However, having a few diverse nodes could deter total shutdown of the 
network as long as all the nodes are not part of the same directory service for authentication, and 
allow those nodes to help with recovery of the infected nodes. Such separate, functional redundancy 
could avoid the cost of a total shutdown, at the cost of increased complexity and reduced usability in 
terms of single sign-on authentication. 


Malware prevention and removal 


There are several general best practices that organisations and individual users should follow to 
prevent malware infections. Some malware cases require special prevention and treatment methods, 
but following these recommendations will greatly increase a user’s protection from a wide range of 
malware: 


Install and run anti-malware and firewall software. When selecting software, choose a program that 
offers tools for detecting, quarantining, and removing multiple types of malware. At the minimum, 
anti-malware software should protect against viruses, spyware, adware, Trojans, and worms. The 
combination of anti-malware software and a firewall will ensure that all incoming and existing data 
gets scanned for malware and that malware can be safely removed once detected. 


Keep software and operating systems up to date with current vulnerability patches. These patches are 
often released to patch bugs or other security flaws that could be exploited by attackers. 


Be vigilant when downloading files, programs, attachments, etc. Downloads that seem strange or are 
from an unfamiliar source often contain malware. 


Website security scans 


As malware also harms the compromised websites (by breaking reputation, blacklisting in search 
engines, etc.), some websites offer vulnerability scanning. Such scans check the website, detect 
malware, may note outdated software, and may report known security issues. 


"Air gap" isolation or "Parallel Network" 


As a last resort, computers can be protected from malware, and infected computers can be prevented 
from disseminating trusted information, by imposing an "air gap" (i.e. completely disconnecting them 
from all other networks). However, information can be transmitted in unrecognized ways; in 
December 2013 researchers in Germany showed one way that an apparent air gap can be defeated. 


Later in 2015, "BitWhisper", a Covert Signaling Channel between Air-Gapped Computers usin, 
Thermal Manipulations was introduced. "BitWhisper" supports bidirectional communication anc 
requires no additional dedicated peripheral hardware. 


Grayware 


Grayware is a term applied to unwanted applications or files that are not classified as malware, but 
can worsen the performance of computers and may cause security risks. 


It describes applications that behave in an annoying or undesirable manner, and yet are less serious or 
troublesome than malware. Grayware encompasses spyware, adware, fraudulent dialers, joke 
programs, remote access tools and other unwanted programs that harm the performance of computers 
or cause inconvenience. The term came into use around 2004. 


Another term, PUP, which stands for Potentially Unwanted Program (or PUA Potentially Unwante: 
Application), refers to applications that would be considered unwanted despite often having been 
downloaded by the user, possibly after failing to read a download agreement. PUPs include spyware, 
adware, fraudulent dialers. Many security products classify unauthorised key generators as grayware, 
although they frequently carry true malware in addition to their ostensible purpose. 


Software maker Malwarebytes lists several criteria for classifying a program as a PUP. 


CHAPTER 8 


Common Attacks and Viruses 


Identify Theft 


Identity theft criminals come in all shapes and sizes these days. If you're ever unlucky enough to be a 
victim of identity theft, the culprit is far more likely to be a local meth user than a professional 
hacker. That said, most organized crimes gangs around the world are becoming much more involved 
in computer hacking. Computer identity theft can happen in a number of ways. Criminal organizations 
can use their own hackers, hire college students, or simply buy large amounts of stolen information 
from professional hackers. And the result is a spike in the number and size of reported data breaches 


by hackers. 
Hacking attacks can be launched in a number of ways: 


Attacking computers that don't have firewalls installed. 

Installing keystroke loggers or other malicious code by hiding it in email attachments. 
Exploiting browser vulnerabilities that have not been properly patched. 

Exploiting weak or poorly protected passwords. 

Hiding malicious code in downloads or free software. 

Hiding malicious code in images on websites and waiting for unsuspecting users to click on 
them. 

Employees or other trusted users simply accessing an unprotected computer. 

Exploiting poorly installed networks, and especially wireless home networks. 


How does identify theft work? 
pı 


First things first, your social security number isn't necessarily a magic ticket to your identity—it's 
really more like a cheat code. If you know where, when, and how to use someone else's number, you 
can effectively steal their identity and cause them significant hardship. Former public and now private 
investigator Randy Barnhart explains how easy it is to gain a line of credit in someone else's name 11 
you know what to do: 


Many retailers offer credit cards, most offer Visa and Master Card accounts as well. If I 
have someone's social security number, all I have to do is complete a one page credit 
application using the stolen SSN and hand it to a cashier that is 18-20 years old. The 
cashier enters the SSN into their system and a line of credit is issued. Depending on the 
victim's credit rating, the line of credit can be $1000 to $100,000. Usually the cashier 
hands me a temporary shopping pass with a limited balance that I can use immediately. 
If they have multiple identities, the thief can open several accounts and max out the 
credit line very quickly. 


Barnhart suggests that this would be simple to stop, as additional security checks would be required, 
but this would involve the sacrifice of convenience—something we're not always eager to abandon. 
It's also not the sort of thing retailers want to give up because they make a lot of money off of 
providing you with a credit line. 


Even still, that's just one example of the many problems that can arise from identity theft. We tend to 
concentrate only on the monetary damage, but much more can occur. Matt Davis, a victim advisor for 
the Identity Theft Resource Center, explains many of the other issues: 


ID thieves can use an social security number to procure your medical benefits, social 
security, unemployment, file false tax returns, and even pawn off their criminal charges 
when they have run-ins with the law on you. The possibilities are limitless with the right 
information and an informed thief. A credit report will not show you if anyone is running 
up criminal charges as you, using your medical insurance to finance medical procedures, 
or creating a fraudulent job history report by working under your information. 


Basically, your identity is valuable to different kinds of people for different reasons. You might be 
targeted for a line of credit or because an illegal immigrant needs "lawful" employment and health 
care. Monitoring your credit report isn't enough. You need to pay attention to everything if you're 
going to catch a thief. 


How can one protect them from identity theft? 


There's no way you can stop a young retail cashier from processing a credit application they don't 
know is fraudulent, or much of anything that would stop the thief once they have your social security 
number. Your goal is to make sure that number stays with you and doesn't get in the hands of anyone 
you don't trust. The easiest way to procure a social security number from a victim is by going through 
their trash, as your mail will sometimes have your number on it. There are also other ways your 
number can leave your protection. As a result, you'll want to do the following: 


e If your social security number does appear on any documents, destroy them before you throw 
them out. 

e Never give out your social security number to any third-party unless you know they need it 
(e.g. a credit application) and you trust the organization. Before handing it over, you may 
want to ask what measures they take to ensure social security numbers are not recorded. For 
example, a friend of mine works in a sales job. They're not allowed to have cellphones or 
any devices connected to the internet. They can't use computers, either, aside from the one 
provided. This is to make it virtually impossible for them to record any credit card numbers 
they receive from a customer. While a company is not going to outlaw pencil and paper, 
therefore not completely eliminating the possibility of your social security number leaving 
the building, they likely take several countermeasures to help protect you. If you're worried, 
ask. Whoever is requesting the number likely knows about them since they live with them 
every day. 

e Before handing over your social security number to any company, ask if it will ever appear 
on a document they send you in the mail. Also find out how it is securely stored on their 
servers so it will be protected in case of a hack. 

e Avoid entering your social security number online unless you are absolutely sure you're on a 
secure connection and dealing with a company you can trust. If you're not, call them to verify 
or don't do it. 


Spoofing Attacks 


A spoofing attack is when a malicious party impersonates another device or user on a network in 
order to launch attacks against network hosts, steal data, spread malware or bypass access controls. 
There are several different types of spoofing attacks that malicious parties can use to accomplish this. 
Some of the most common methods include IP address spoofing attacks, ARP spoofing attacks and 
DNS server spoofing attacks. 


IP address spoofing attacks 


IP address spoofing is one of the most frequently used spoofing attack methods. In an IP address 
spoofing attack, an attacker sends IP packets from a false (or “spoofed’’) source address in order to 
disguise itself. Denial-of-service attacks often use IP spoofing to overload networks and devices with 
packets that appear to be from legitimate source IP addresses. 


What sorts of attacks are launched through IP spoofing? To name a few: 


Blind spoofing: In this type of attack, a cracker outside the perimeter of the local network 
transmits multiple packets to his intended target to receive a series of sequence numbers, 
which are generally used to assemble packets in the order in which they were intended -- 
Packet 1 is to be read first, then Packet 2, 3 and so on. The cracker is blind to how 
transmissions take place on this network, so he needs to coax the machine into responding to 
his own requests so he can analyze the sequence numbers. By taking advantage of knowing 
the sequence number, the cracker can falsify his identity by injecting data into the stream of 
packets without having to have authenticated himself when the connection was first 
established. (Generally, current operating systems employ random sequence number 
generation, so it's more difficult for crackers to predict the correct sequence number.) 


Nonblind spoofing: In this type of attack, the cracker resides on the same subnet as his 
intended target, so by sniffing the wire for existing transmissions, he can understand an 
entire sequence/acknowledge cycle between his target and other hosts (hence the cracker 
isn't "blind" to the sequence numbers). Once the sequence is known, the attacker can hijack 
sessions that have already been built by disguising himself as another machine, bypassing 
any sort of authentication that was previously conducted on that connection. 


Denial-of-service attack: To keep a large-scale attack on a machine or group of machines 
from being detected, spoofing is often used by the malefactors responsible for the event to 
disguise the source of the attacks and make it difficult to shut it off. Spoofing takes on a 
whole new level of severity when multiple hosts are sending constant streams of packet to 


the DoS target. In that case, all the transmissions are generally spoofed, making it very 
difficult to track down the sources of the storm. 


Man-in-the-middle attack: Imagine two hosts participating in normal transmissions 
between each other. In a man-in-the-middle attack, a malicious machine intercepts the 
packets sent between these machines, alters the packets and then sends them on to the 
intended destination, with the originating and receiving machines unaware their 
communications have been tampered with; this is where the spoofing element enters the 
equation. Typically, this type of attack is used to get targets to reveal secure information and 
continue such transmissions for a period of time, all the while unaware that the machine in 
the middle of the transmission is eavesdropping the whole time. 


ARP spoofing attacks 


ARP is short for Address Resolution Protocol, a protocol that is used to resolve IP addresses tc 
MAC (Media Access Control) addresses for transmitting data. In an ARP spoofing attack, a malicious 
party sends spoofed ARP messages across a local area network in order to link the attacker’s MAC 
address with the IP address of a legitimate member of the network. This type of spoofing attack 
results in data that is intended for the host’s IP address getting sent to the attacker instead. Malicious 
parties commonly use ARP spoofing to steal information, modify data in-transit or stop traffic on a 
LAN. ARP spoofing attacks can also be used to facilitate other types of attacks, including denial-of- 
service, session hijacking and man-in-the-middle attacks. ARP spoofing only works on local area 
networks that use the Address Resolution Protocol. 


DNS server spoofing attacks 


The Domain Name System (DNS) is a system that associates domain names with IP addresses 
Devices that connect to the internet or other private networks rely on the DNS for resolving URLs 
email addresses and other human-readable domain names into their corresponding IP addresses. In a 
DNS server spoofing attack, a malicious party modifies the DNS server in order to reroute a specific 
domain name to a different IP address. In many cases, the new IP address will be for a server that is 
actually controlled by the attacker and contains files infected with malware. DNS server spoofing 
attacks are often used to spread computer worms and viruses. 


Spoofing attack prevention and mitigation 


There are many tools and practices that organisations can employ to reduce the threat of spoofing 
attacks. Common measures that organisations can take for spoofing attack prevention include: 


e Packet filtering: packet filters inspect packets as they are transmitted across a network. 
Packet filters are useful in IP address spoofing attack prevention because they are capable of 
filtering out and blocking packets with conflicting source address information (packets from 


outside the network that show source addresses from inside the network and vice versa). 

e Avoid trust relationships: organisations should develop protocols that rely on trust 
relationships as little as possible. It 1s significantly easier for attackers to run spoofing 
attacks when trust relationships are in place because trust relationships only use IP 
addresses for authentication. 

e Use spoofing detection software: There are many programs available that help 
organisations detect spoofing attacks, particularly ARP spoofing. These programs work by 
inspecting and certifying data before it is transmitted and blocking data that appears to be 
spoofed. 

e Use cryptographic network protocols: Transport Layer Security (TLS), Secure Shel 
(SSH), HTTP Secure (HTTPS) and other secure communications protocols bolster spoofir 
attack prevention efforts by encrypting data before it is sent and authenticating data as it is 
received. 


Phishing Attacks 


Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an 
attempt to gather personal and financial information from recipients. Typically, the messages appear 
to come from well-known and trustworthy Web sites. Web sites that are frequently spoofed by 
phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition 
like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to 
fool at least a few of the prey that encounter the bait. 


ae, 


Fraudsters send fake emails or set up fake web sites that mimic Yahoo!'s sign-in pages (or the sign-in 
pages of other trusted companies, such as eBay or PayPal) to trick you into disclosing your user name 
and password. This practice is sometimes referred to as "phishing" — a play on the word "fishing" 
— because the fraudster is fishing for your private account information. Typically, fraudsters try to 
trick you into providing your user name and password so that they can gain access to an online 
account. Once they gain access, they can use your personal information to commit identity theft, 
charge your credit cards, empty your bank accounts, read your email, and lock you out of your online 
account by changing your password. 


If you receive an email (or instant message) from someone you don't know directing you to sign in to a 
website, be careful! You may have received a phishing email with links to a phishing website. A 
phishing website (sometimes called a "spoofed" site) tries to steal your account password or other 
confidential information by tricking you into believing you're on a legitimate website. You could even 
land on a phishing site by mistyping a URL (web address). 


Is that website legitimate? Don't be fooled by a site that looks real. It's easy for phishers to create 


websites that look like the genuine article, complete with the logo and other graphics of a trusted 
website. 


Important: If you're at all unsure about a website, do not sign in. The safest thing to do is to close and 
then reopen your browser, and then type the URL into your browser's URL bar. Typing the correct 
URL is the best way to be sure you're not redirected to a spoofed site. 


Signs you May have Received a Phishing Email 


If you receive an email from a web site or company urging you to provide confidential information, 
such as a password or Social Security number, you might be the target of a phishing scam. The tips 
below can help you avoid being taken in by phishers. 


Unofficial "From" address 


Look out for a sender's email address that is similar to, but not the same as, a company's official 
email address. Fraudsters often sign up for free email accounts with company names in them (such as 
"ysmallbusiness@yahoo.com"). These email addresses are meant to fool you. Official email fror 
Yahoo! always comes from an "@yahoo-inc.com" email address. 


Urgent action required 


Fraudsters often include urgent "calls to action" to try to get you to react immediately. Be wary of 
emails containing phrases like "your account will be closed," "your account has been compromised," 
or "urgent action required." The fraudster is taking advantage of your concern to trick you into 
providing confidential information. 


Generic greeting 


Fraudsters often send thousands of phishing emails at one time. They may have your email address, 
but they seldom have your name. Be skeptical of an email sent with a generic greeting such as "Dear 
Customer" or "Dear Member". 


Link to a fake web site 


To trick you into disclosing your user name and password, fraudsters often include a link to a fake 
web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just 
because a site includes a company's logo or looks like the real page doesn't mean it is! Logos and the 
appearance of legitimate web sites are easy to copy. In the email, look out for: 


Links containing an official company name, but in the wrong location. For example: 
"https://www.yahoo.com is a fake address that doesn't go to a real Yahoo! web site. A real Yahoo! 
web address has a forward slash ("/") after "yahoo.com" — for example, "https://www.yahoo.com/" 
or "https://login.yahoo.com/." 


Legitimate links mixed with fake links 


Fraudsters sometimes include authentic links in their spoof pages, such as to the genuine privacy 
policy and terms of service pages for the site they're mimicking. These authentic links are mixed in 


with links to a fake phishing web site in order to make the spoof site appear more realistic. 


e And look for these other indicators that an email might not be trustworthy: 

e Spelling errors, poor grammar, or inferior graphics. 

e Requests for personal information such as your password, Social Security number, 
or bank account or credit card number. Legitimate companies will never ask you to 
verify or provide confidential information in an unsolicited email. 

e Attachments (which might contain viruses or keystroke loggers, which record what 


you type). 


Signs you May be on a Phishing Site 


Phishers are becoming more and more sophisticated in designing their phony websites, follow these 
steps if you think you’ve been phished. There's no surefire way to know if you're on a phishing site, 
but here are some hints that can help you distinguish a real website from a phishing site: 


Check the Web address 


Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's 
URL bar for these signs that you may be on a phishing site: 


e Incorrect company name. Often the web address of a phishing site looks correct but 
actually contains a common misspelling of the company name or a character or 
symbol before or after the company name. Look for tricks such as substituting the 
number "1" for the letter "I" in a Web address (for example, www.paypal.com 
instead of www.paypal.com). 

e "http://" at the start of the address on Yahoo sign-in pages. A legitimate Yahoo 
sign-in page address starts with "https://" — the letter "s" must be included. So 
check the website address for any Yahoo sign-in page. 

e A missing forward slash. To verify that you're on a legitimate Yahoo site, make 
sure a forward slash ( / ) appears after "yahoo.com" in the URL bar, for example, 
"https://www.yahoo.com” is a fake website address. 


Be leery of pop-ups 


Be careful if you're sent to a website that immediately displays a pop-up window asking you to enter 
your username and password. Phishing scams may direct you to a legitimate website and then use a 
pop-up to gain your account information. 


Give a fake password 


If you not sure if a site is authentic, don't use your real password to sign in. If you enter a fake 
password and appear to be signed in, you're likely on a phishing site. Do not enter any more 
information; close your browser. Keep in mind, though, that some phishing sites automatically display 
an error message regardless of the password you enter. So, just because your fake password is 
rejected, don't assume the site is legitimate. 


Use a Web browser with antiphishing detection 


Internet Explorer, Mozilla Firefox, Web browsers have free add-ons (or "plug-ins") that can help you 
detect phishing sites. 


Be wary of other methods to identify a legitimate site 


Some methods used to indicate a safe site can't always be trusted. A small unbroken key or locked 
padlock at the left of the URL bar of your browser is not a reliable indicator of a legitimate website. 
Just because there's a key or lock and the security certificate looks authentic, don't assume the site is 
legitimate. 


Different types of Phishing 


Deceptive Phishing 
Malware-Based Phishing 
Keyloggers and Screenloggers 
Session Hijacking 

Web Trojans 

Hosts File Poisoning 

System Reconfiguration Attacks 
Data Theft 

DNS-Based Phishing ("Pharming") 
Content-Injection Phishing 
Man-in-the-Middle Phishing 
Search Engine Phishing 


Deceptive Phishing 
A phisher sends bulk email with a message. Users are influenced to click on a link. 


Examples: An email stating that there is a problem with recipient’s account at financial institutions 
and requests the recipient to click on a website link to update his details. A statement may be sent to 
the recipient stating that his account is at risk and offering to enroll him to an anti-fraud program. In 
any of the case, the website collects the user’s confidential information. The phisher will 
subsequently impersonate the victim and transfer funds from his account, purchase merchandise, take 
a second mortgage on the victim’s house or cause any other damage. In most of these cases, the 
phisher does not directly cause any economic damage, but sells the illegally obtained information on 
a secondary market. 


Malware-based Phishing 


Malware-based phishing involves running malicious software on the user’s machine. The malware 
can be introduced as an email attachment or as a downloadable file exploiting security 
vulnerabilities. This is a particular threat for small and medium businesses (SMBs) who fails tc 
update their their software applications. 


Keyloggers and Screenloggers 


Keyloggers and screenloggers are varieties of malware that track input from the keyboard and send 
relevant information to the hacker via the Internet. They can embed themselves into the user’s 
browsers as small utility programs. 


Session Hijacking 


Session Hijacking is a kind of phishing attack where user’s activities are monitored clearly until they 
log into a target account like the bank account and establish their credentials. At that point, the 
malicious software takes control and can undertake unauthorized actions, such as transferring funds, 
without the knowledge of the user. 


Web Trojans 


Web Trojans pop up when the users attempt to log in to an important website or performing any 
transaction. These web trojans are invisible to the users. They collect user's credentials locally and 
transmit them to the phisher. 


Hosts File Poisoning 


When a user types a URL of a website it is first translated into an IP address before it's transmittec 
over the Internet. The majority of user’s PCs running a Microsoft Windows operating system firs 
look up these "host names" in their "hosts" file before undertaking a Domain Name System (DNS 
lookup. Phishers steal information by "poisoning" the hosts file. They transmit a bogus address, taking 
the user unwittingly to a fake "look alike" website. 


System Reconfiguration Attacks 


This is a kind of phishing attack where the settings on a user's PC are modified with bad intentions. 
For example: URLs in a favorites file might be modified to direct users to bogus websites that look 
alike. For example: a financial institution's website URL may be changed from "bankofxyz.com" tc 
"bancofxyz.com". 


Data Theft 


Malicious code running on a user’s computer, can directly steal confidential information stored on the 
computer. This information can include activation keys to software, passwords, sensitive and 
personal email and any other data that is stored on the victim's computer. Data theft is also widely 
used for phishing attacks aimed at corporate espionage. In addition, confidential memos, design 


documents or billing info can be publicly leaked, causing embarrassment or financial damage to the 
organization. This data can also be leaked to competitors. 


DNS-Based Phishing 


Domain Name System (DNS)-based phishing or hosts file modification is called Pharming. Th 
requests for URLs or name service return a bogus address and subsequent communications are 
directed to a fake site when the hackers tamper a company’s host files or domain name. As a result, 
users remain unaware about the fraud website controlled by hackers. 


Content-Injection Phishing 


Content-injection phishing means inserting malicious content into a legitimate website. The malicious 
content can redirect to other websites or may install malware on a user’s computer and also insert a 
frame of content that will redirect data to the phishing server. 


Man-in-the-Middle Phishing 


Man-in-the-Middle Phishing is hard to detect than many other forms of phishing. In these attacks 
hackers sit between the user and the website or the system. They record the information being entered 
by the user but continue to pass the user on to the next steps so that user transactions are not affected 
and the user remains unaware. Later, they sell or use the information which may be credentials, credit 
card details, and bank account details. 


Search Engine Phishing 


Phishers develop e-commerce websites with attractive offers. Later these sites are indexed 
legitimately with different search engines. When users search for products or services, these sites are 
shown by the search engine and are fooled into giving up their information. For example, scammers 
have set up false banking sites that offer lower credit costs or better interest rates than other banks. 
Victims are often encouraged to transfer account details. In this way, they are deceived into giving up 
their details. 


Social Engineering 


Social engineering, in the context of information security, refers to psychological manipulation of 
people into performing actions or divulging confidential information. A type of confidence trick for 
the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that 
it is often one of many steps in a more complex fraud scheme. 


The term "social engineering" as an act of psychological manipulation is also associated with the 
social sciences, but its usage has caught on among computer and information security professionals. 


All social engineering techniques are based on specific attributes of human decision-making known 
as cognitive biases. These biases, sometimes called "bugs in the human hardware", are exploited in 
various combinations to create attack techniques, some of which are listed. The attacks used in social 
engineering can be used to steal employees' confidential information. The most common type of social 
engineering happens over the phone. Other examples of social engineering attacks are criminals 
posing as exterminators, fire marshals and technicians to go unnoticed as they steal company secrets. 


One example of social engineering is an individual who walks into a building and posts an official- 
looking announcement to the company bulletin that says the number for the help desk has changed. So, 
when employees call for help the individual asks them for their passwords and ID's thereby gaining 
the ability to access the company's private information. Another example of social engineering would 
be that the hacker contacts the target on social networking site and start conversation with the target. 
Slowly and gradually, the hacker gains trust of the target and then uses it to get access to sensitive 
information like password or bank account details. 


Pretexting 


Pretexting (adj. pretextual), also known in the UK as blagging or bohoing, is the act of creating and 
using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the 
chance the victim will divulge information or perform actions that would be unlikely in ordinary 
circumstances. An elaborate lie, it most often involves some prior research or setup and the use of 
this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to 
establish legitimacy in the mind of the target. 


Diversion Theft 


Diversion theft, also known as the "Corner Game" or "Round the Corner Game", originated in the 
East End of London. 


In summary, diversion theft is a "con" exercised by professional thieves, normally against a transport 
or courier company. The objective is to persuade the persons responsible for a legitimate delivery 
that the consignment is requested elsewhere hence, "round the corner". 


Baiting 
Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or 


greed of the victim. 


In this attack, the attacker leaves a malware infected floppy disk, CD-ROM, or USB flash drive in 
location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and 
curiosity-piquing label, and simply waits for the victim to use the device. 


In either case, as a consequence of merely inserting the disk into a computer to see the contents, the 
user would unknowingly install malware on it, likely giving an attacker unfettered access to the 


victim's PC and, perhaps, the targeted company's internal computer network. 


Unless computer controls block the infection, PCs set to "auto-run" inserted media may be 
compromised as soon as a rogue disk is inserted. 


Hostile devices, more attractive than simple memory, can also be used. For instance, a "lucky 
winner" is sent a free digital audio player that actually compromises any computer it is plugged to. 


Tailgating 


An attacker, seeking entry to a restricted area secured by unattended, electronic access control, e.g. 
by RFID card, simply walks in behind a person who has legitimate access. Following commor 
courtesy, the legitimate person will usually hold the door open for the attacker or the attackers 
themselves may ask the employee to hold it open for them. The legitimate person may fail to ask for 
identification for any of several reasons, or may accept an assertion that the attacker has forgotten or 
lost the appropriate identity token. The attacker may also fake the action of presenting an identity 
token. 


Shoulder Surfing 


Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to 
get information. Shoulder surfing 1s an effective way to get information in crowded places because 
it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an 
ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long 
distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, 
experts recommend that you shield paperwork or your keypad from view by using your body or 
cupping your hand. 


Dumpster Diving 


Alternatively referred to as trashing, dumpster diving is the practice of digging through a company's 
trash bins or dumpsters to gain information. This act is carried out for a number reasons, from seeking 
passwords for a network attack, to personal information for social engineering. 


When dumpster diving, hackers look for: 
Phone lists 


Helps map out the power structure of the company, and gives possible account names, and is essential 
in appearing as a member of the organization. 


Memos 


Reveal activities inside the target organization. 


Policy manuals 


Today's employee manuals give instructions on how not to be victimized by hackers, and likewise 
help the hacker know which attacks to avoid, or at least try in a different manner than specified in the 
policy manual. 


Calenders of events 

Tells the hackers when everyone will be elsewhere and not logged into the system. Best time to break 
in. 

System Manuals, Packing Crates 

Tells the hackers about new systems that they can break into. 

Print outs 


Source code is frequently found in dumpsters, along with e-mails (revealing account names), and 
Postlt&tm; notes containing written passwords. 


Disks, Tapes, CD-ROMs 


People forget to erase storage media, leaving sensitive data exposed. These days, dumpsters may 
contain larger number of "broken" CD-Rs. The CD-ROM "burning" process is sensitive, and can lea 
to failures, which are simply thrown away. However, some drives can still read these disks, allowing 
the hacker to read a half-way completed backup or other sensitive piece of information. 


Old Hard Drives 


Like CD-ROMs, information from broken drives can usually be recovered. It depends only upon thi 
hacker's determination. 


Organizational changes, such as mergers, acquitistions, and "re-orgs" leave the company in disarray 
that can be exploited by hackers (in much the same way that hackers look upon January 1, 2000 as a 
prime hacking day) 


Trojan Horses 


A trojan horse is a program that appears to be something safe, but in is performing tasks such as 
giving access to your computer or sending personal information to other computers. Trojan horses are 
one of the most common methods a criminal uses to infect your computer and collect personal 
information from your computer. Below are some basic examples of how your computer could 
become infected with a trojan horse. 


If you were referred here, you may have been “hacked” by a Trojan horse attack. It’s crucial that you 
read this page and fix yourself immediately. Failure to do so could result in being disconnected from 
the IRC network, letting strangers access your private files, or worst yet, allowing your computer tc 
be hijacked and used in criminal attacks on others. 


How do I avoid getting infected in the future? 


You must be certain of BOTH the source AND content of each file you download! In other words 
you need to be sure that you trust not only the person or file server that gave you the file, but also the 
contents of the file itself. 


Know the source. 

Ask questions. Even when you trust the source, it’s easy for a trojan to impersonate a user 
when it has control of their computer. Ask questions to determine what the file is before you 
download. 

Expect the file. If you weren’t expecting a file transfer or attachment, then don’t download it 
until you check with the sender personally. 

Does everything make sense? If it looks suspicious, it probably is. File types, filenames, and 
descriptions should all agree. Your dear aunt Sally wouldn’t put family photos in an Excel 
spreadsheet, right? :) 

Even when everything else is in order, check the contents with virus scanners. 


Remember: Better to ask and feel silly, than to download blindly and be sorry. 


Here are some practical tips to avoid getting infected (again). For more general security information, 
please see our main security help page. 


1. NEVER download blindly from people or sites which you aren’t 100% sure about. fi 


other words, as the old saying goes, don’t accept candy from strangers. If you do a lot 
of file downloading, it’s often just a matter of time before you fall victim to a trojan. 
Even if the file comes from a friend, you still must be sure what the file is before 
opening it, because many trojans will automatically try to spread themselves to friends 
in an email address book or on an IRC channel. There is seldom reason for a friend tc 
send you a file that you didn’t ask for. When in doubt, ask them first, and scan the 
attachment with a fully updated anti-virus program. 


3. Beware of hidden file extensions! Windows by default hides the last extension of a file, 
so that innocuous-looking “susie.jpg” might really be “susie.jpg.exe” - an executable 
trojan! To reduce the chances of being tricked, unhide those pesky extensions. 

4. NEVER use features in your programs that automatically get or preview files. Those 
features may seem convenient, but they let anybody send you anything which is 
extremely reckless. For example, never turn on “auto DCC get” in mIRC, instea 
ALWAYS screen every single file you get manually. Likewise, disable the preview 
mode in Outlook and other email programs. 

5. Never blindly type commands that others tell you to type, or go to web addresses 
mentioned by strangers, or run pre-fabricated programs or scripts (not even popular 
ones). If you do so, you are potentially trusting a stranger with control over your 
computer, which can lead to trojan infection or other serious harm. 

6. Don’t be lulled into a false sense of security just because you run anti-virus programs. 
Those do not protect perfectly against many viruses and trojans, even when fully up to 
date. Anti-virus programs should not be your front line of security, but instead they 
serve as a backup in case something sneaks onto your computer. 

7. Finally, don’t download an executable program just to “check it out” - if it’s a trojan, 
the first time you run it, you’re already infected! 


How do I get rid of trojans? 


Here are your many options, none of them are perfect. I strongly suggest you read through all of them 
before rushing out and trying to run some program blindly. Remember - that’s how you got in this 
trouble in the first place. 


To repair or to reformat? 


The decision whether to attempt to repair an infected computer or reformat and do a clean 
reinstallation is a difficult one. On one hand, no antimalware software will ever be able to 
provide 100% assurance that all malware has been removed. On the other hand, most 
infections are from the same couple of hundred actively circulating trojans, that are well 
understood and reliably removed by the appropriate removal tool, and a clean reformat and 
reinstall with take anywhere from several hours to several days. 


As a practical matter, it’s worth trying to repair infected computers first. Most of the time, 
you can completely get rid of the infection quickly and easily. If an infection persistantly 
returns, it’s likely that it wasn’t completely removed in the first place, at which point 
stronger measures should be considered. 


Repairing the Damage 


Anti-Virus Software: Some of these can handle most of the well known trojans, but none 
are perfect, no matter what their advertising claims. You absolutely MUST make sure you 
have the very latest update files for your programs, or else they will miss the latest trojans. 


Compared to traditional viruses, today’s trojans evolve much quicker and come in many 
seemingly innocuous forms, so anti-virus software is always going to be playing catch up. 
Also, if they fail to find every trojan, anti-virus software can give you a false sense of 
security, such that you go about your business not realizing that you are still dangerously 
compromised. There are many products to choose from, but the following are generally 
effective: AVP, PC-cillin, and McAfee VirusScan. 


Anti-Trojan Programs: These programs are the most effective against trojan horse attacks, 
because they specialize in trojans instead of general viruses. 


Clean Re-installation 


When all else fails, or when any risk of continued infection is unacceptable, the only option 
left is a clean re-installation. Although arduous, this will always be the only sure way to 
eradicate a trojan or virus. 


A clean re-installation will take anywhere from several hours to several days to fully 
complete, depending on your system configuration, operating system, amount of data to be 
recovered, and many other factors. This will require some degree of technical competency, 
and you will need to have your original operating system or recovery media, as well as 
original media for any application software, as well as any license keys ready before you 
begin. 


Extreme caution must be taken in backing up and restoring data to make sure that the 
infection is not reintroduced when data is restored. 


A professional PC repair shop can be contracted locally to perform a clean reinstallation, 
should you not feel capable of doing so yourself. 


1. Back up your entire hard disk. 

2. Reformat the disk. 

3. Re-install the operating system and all your applications from original CDs 

4. Install security software and configure it according to manufacturer’s 
recommendations. 

5. Install all operating system updates. (Setting updates to automatically install 
here is a good idea too.) 

6. Install all updates to your application software. 

Make sure system is clean up to this point by scanning the system. 

8. At this point, you may wish to make an image of your system in a pristine 
state, before restoring anything from backup. You can use this image at a 
later time to speed up a clean reinstallation by only needing to download 
updates. 

9. Treat the contents of the backup as infected, and handle accordingly during 
the restore process. Scan everything you decide to restore, and restore only 
your user files, and not configuration files for programs, registry settings, or 


= 


applications. 


This will take several hours, and require some degree of technical competancy. If you are 
not up to the task a professional repair shop can be paid to perform these steps. 


Computer Virus 


A computer virus is a computer program that can replicate itself and spread from one computer to 
another. When these infected programs are run, the viral code is executed and the virus spreads 
further. Sometimes, what constitutes “programs” is more than simply applications: boot code, device 
drivers, and command interpreters also can be infected. 


A computer virus is one of thousands of programs that can invade computer and perform a variety of 
functions ranging from annoying (e.g., popping up messages as a joke) to dangerous (e.g., deleting 
files or destroying your hard disk). 


Viruses can increase their chances of spreading to other computers by infecting files on a network file 
system or a file system that is accessed by other computers. 


The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, 
even those that do not have the ability to replicate themselves. Malware includes computer viruses, 
computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious or 
unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan 
horses, which are technically different. 


How Do Viruses Spread 


Computer viruses are programs that must be triggered or somehow executed before they can infect 
your computer system and spread to others. Examples include opening a document infected with a 
“macro virus,” booting with a diskette infected with a “boot sector” virus, or double-clicking on an 
infected program file. Viruses can then be spread by sharing infected files on a diskette, network 
drive, or other media, by exchanging infected files over the Internet via e-mail attachments, or by 
downloading questionable files from the Internet. 


Types of Virus 


Viruses come in a variety of types. Breaking them into categories is not easy as many viruses have 
multiple characteristics and so would fall into multiple categories. We're going to describe two 
different types of category systems: what they infect and how they infect. Because they are so 
common, we're also going to include a category specific to worms. 


These categories include : 


e System Sector Viruses : These infect control information on the disk itself. 


File Viruses : These infect program (COM and EXE) files. 

Macro Viruses : These infect files you might think of as data files. But, because they contain 
macro programs they can be infected, 

Companion Viruses : A special type that adds files that run first to your disk. 

Cluster Viruses : A special type that infects through the disk directory. 

Batch File Viruses : These use text batch files to infect. 

Source Code Viruses : These add code to actual program source code. 

Visual Basic Worms : These worms use the Visual Basic language to control the computer 


and perform tasks. 


How They Infect 


Viruses are sometimes also categorized by how they infect. These categorizations often overlap the 


categories above and may even be included in the description (e.g., polymorphic file virus). These 


categories include: 


Polymorphic Viruses : Viruses that change their characteristics as they infect. 

Stealth Viruses : Viruses that try to actively hide themselves from anti-virus or system 
software. 

Fast and Slow Infectors: Viruses that infect in a particular way to try to avoid specific 
anti-virus software. 

Sparse Infectors : Viruses that don't infect very often. 

Armored Viruses : Viruses that are programmed to make disassembly difficult. 

Multipartite Viruses : Viruses that may fall into more than one of the top classes. 

Cavity (Spacefiller) Viruses : Viruses that attempt to maintain a constant file size when 
infecting. 

Tunneling Viruses : Viruses that try to "tunnel" under anti-virus software while infecting, 
Camouflage Viruses : Viruses that attempted to appear as a benign program to scanners. 
NTFS ADS Viruses : Viruses that ride on the alternate data streams in the NT File System. 
Virus Droppers : Programs that place vises onto your system but themselves may not be 


viruses (a special form of Trojan). 


Some Famous & Worst Computer Virus 


Year 


1971 


1982 


Computer Description 

Virus Name 

Creeper This is noted as possibly the first ever 
computer virus. It infected computers on 
ARPANET. 

Elk Cloner Despite Apple's marketing that their 


systems are less prone to viruses that 
was not always the case. Notable as 
possible the first personal computer 
virus, Elk Cloner infected the boot 
sector of Apple II floppies. 

1988 The Morris The grandfather of computer worms, 


Internet the Morris worm infected Unix systems 

Worm and was notable for its "accidental" 
virulence. 

1999 Melissa The Melissa virus is notable because it 


is a Word macro virus. It cleverly 
spread via e-mails sent to contacts from 
the infected users' address books. 

2000 ILOVEYOU One of the most widespread and rapidly 
spreading viruses ever, the ILOVEYOU 
virus spread via e-mail, posing as an 
executable attachment sent by a friend 
from the target's contact list. 

2001 Code Red Code Red was a computer worm 
observed on the Internet on July 13, 
2001. It attacked computers running 
Microsoft's IIS web server. 

2001 Nimda Nimda is a computer worm, also a file 
infector. It quickly spread, surpassing 
the economic damage caused by 
previous outbreaks such as Code Red. 
Nimda utilized several types of 
propagation technique and this caused it 
to become the Internets most 
widespread virus/worm within 22 


minutes. 
2003 SQL This tiny virus infected servers running 
Slammer Microsoft's SQL Server Desktop 
Engine, and was very fast to spread. 
2003 Blaster Blaster exploited a Windows operating 


system vulnerability and let users know 
of its presence with a system shutdown 
warning. 

2004 Sasser Sasser exploited a buffer overflow and 
spread by connecting to port 445 on 
networked Windows systems. The 
chaos caused was possibly the worst 
ever, as systems restarted or crashed. 


Anti-Virus Software 

e Anti-virus software are programs that are installed onto your computer and can scan and 
remove known viruses which you may have contracted. The software can also be set to 
automatically scan diskettes when inserted into the disk drive, scan files when downloaded 
from the Internet, or scan e-mail when received. 

e Antivirus or anti-virus software is used to prevent, detect, and remove malware, including 
but not limited to computer viruses, computer worms, Trojan horses, spyware and adware. 
Computer security, including protection from social engineering techniques, 1s commonly 


offered in products and services of antivirus software companies. 
e Example of Antivirus Software: AVG, Kaspersky, Avira, Quick-Heal, Bit-defender, 
McAfee, Trend Micro, etc. 


How can you protect yourself? 


With dangerous viruses on the network, what can computer users do to protect their systems? Here 
are just a few hints: 


e Be sure to install an anti-virus software program to guard against virus attacks. Also, be sure 
you turn on the scanning features. It can’t protect you if it’s not enabled. 
Practice caution when working with files from unknown or questionable sources. 
Do not open e-mail attachments if you do not recognize the sender (though you may also 
receive viruses from people you know). Scan the attachments with anti-virus software 
before opening them. 

e Download files only from reputable Internet sites, and be wary when exchanging diskettes or 
other media with friends. 

e Scan your hard drive for viruses monthly. 


Note : Even with these precautions, new viruses may find ways to enter your computer system. 


Worm 


= 


Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it 
propagates through computer networks without user intervention. Unlike a virus, it does not need to 
attach itself to an existing program. Many people conflate the terms "virus" and "worm", using them 
both to describe any self-propagating program. 


CHAPTER 9 


Password cracking and 
How to hack an Email password? 


Password cracking 


of 


Password cracking is the process of recovering passwords from data that has been stored in or 
transmitted by a computer system. A common approach is to repeatedly try guesses for the password. 


Passwords are the most widely used form of authentication throughout the world. A username and 
password are used on computer systems, bank accounts, ATMs, and more. The ability to crack 
passwords is an essential skill to both the hacker and the forensic investigator, the latter needing to 
hack passwords for accessing the suspect's system, hard drive, email account, etc. 


Although some passwords are very easy to crack, some are very difficult. In those cases, the hacker 
or forensic investigator can either employ greater computing resources (a botnet, supercomputer, 
GPU, ASIC, etc.), or they can look to obtain the password in other ways. 


These ways might include insecure storage. In addition, sometimes you don't need a password to 
access password-protected resources. For instance, if you can replay a cookie, session ID, a 
Kerberos ticket, an authenticated session, or other resource that authenticates the user after the 
password authentication process, you can access the password protected resource without ever 
knowing the password. 


Sometimes these attacks can be much easier than cracking a complex and long password. I will do a 
tutorial on various replay attacks in the near future (look out specifically for my upcoming article on 
stealing the Facebook cookie to access someone's Facebook account). 


Password Storage 


In general, passwords are not stored in clear text. As a rule, passwords are stored as hashes. Hashes 
are one-way encryption that are unique for a given input. These systems very often use MD5 or SHA! 
to hash the passwords. 


In the Windows operating system, passwords on the local system are stored in the SAM file, while 
Linux stores them in the /etc/shadow file. These files are accessible only by someone with 
root/sysadmin privileges. In both cases, you can use a service or file that has root/sysadmin 
privileges to grab the password file (e.g. DLL injection with samdump.dll in Windows). 


Types of Attacks 
Dictionary 


A dictionary attack is the simplest and fastest password cracking attack. To put it simply, it just runs 
through a dictionary of words trying each one of them to see if they work. Although such an approach 
would seem impractical to do manually, computers can do this very fast and run through millions of 
words ina few hours. This should usually be your first approach to attacking any password, and in 
some cases, it can prove successful in mere minutes. 


Rainbow Table 


Most modern systems now store passwords in a hash. This means that even if you can get to the area 
or file that stores the password, what you get is an encrypted password. One approach to cracking 
this encryption is to take dictionary file and hash each word and compare it to the hashed password. 
This is very time- and CPU-intensive. A faster approach is to take a table with all the words in the 
dictionary already hashed and compare the hash from the password file to your list of hashes. If there 
is a match, you now know the password. 


Brute Force 


Brute force is the most time consuming approach to password cracking. It should always be your last 
resort. Brute force password cracking attempts all possibilities of all the letters, number, special 
characters that might be combined for a password and attempts them. As you might expect, the more 
computing horsepower you have, the more successful you will be with this approach. 


Hybrid 


A hybrid password attack is one that uses a combination of dictionary words with special characters, 
numbers, etc. Often these hybrid attacks use a combination of dictionary words with numbers 
appending and prepending them, and replacing letters with numbers and special characters. For 
instance, a dictionary attack would look for the word "password", but a hybrid attack might look for 
"p@$$wOrd123". 


Commonly Used Passwords 


As much as we think each of us is unique, we do show some common patterns of behavior within our 
species. One of those patterns is the words we choose for passwords. There are number of wordlists 
that have been compiled of common passwords. In recent years, many systems have been cracked and 
passwords captured from millions of users. By using these already captured passwords, you are 
likely to find at least a few on the network you are trying to hack. 


Password Cracking Strategy 


Many newbies, when they start cracking passwords, simply choose a tool and word list and then turn 
them loose. They are often disappointed with the results. Expert password crackers have a strategy. 
They don't expect to be able to crack every password, but with a well-developed strategy, they can 
crack most passwords in a very short amount of time. 


The key to develop a successful strategy of password cracking is to use multiple iterations, going 
after the easiest passwords with the first iteration to the most difficult passwords using different 
techniques for each iteration. 


CHAPTER 10 


Penetration Testing 


Penetration Testing 


Penetration testing is the process of attempting to gain access to resources without knowledge of 
usernames, passwords and other normal means of access. If the focus is on computer resources, then 
examples of a successful penetration would be obtaining or subverting confidential documents, 
pricelists, databases and other protected information. 


The main thing that separates a penetration tester from an attacker is permission. The penetration 
tester will have permission from the owner of the computing resources that are being tested and will 
be responsible to provide a report. The goal of a penetration test is to increase the security of the 
computing resources being tested. 


In many cases, a penetration tester will be given user-level access and in those cases, the goal would 
be to elevate the status of the account or user other means to gain access to additional information that 
a user of that level should not have access to. 


Some penetration testers are contracted to find one hole, but in many cases, they are expected to keep 
looking past the first hole so that additional vulnerabilities can be identified and fixed. It is important 
for the pen-tester to keep detailed notes about how the tests were done so that the results can be 
verified and so that any issues that were uncovered can be resolved. 


It’s important to understand that it is very unlikely that a pen-tester will find all the security issues. As 
an example, if a penetration test was done yesterday, the organization may pass the test. However, 
today is Microsoft’s “patch Tuesday” and now there’s a brand new vulnerability in some Exchange 
mail servers that were previously considered secure, and next month it will be something else. 
Maintaining a secure network requires constant vigilance. 


Pen-Testing vs. Vulnerability Assessment 


The main focus of this paper is penetration testing but there is often some confusion between 
penetration testing and vulnerability assessment. The two terms are related but penetration testing has 
more of an emphasis on gaining as much access as possible while vulnerability testing places the 
emphasis on identifying areas that are vulnerable to a computer attack. An automated vulnerability 
scanner will often identify possible vulnerabilities based on service banners or other network 
responses that are not in fact what they seem. A vulnerability assessor will stop just before 
compromising a system, whereas a penetration tester will go as far as they can within the scope of the 
contract. 


It is important to keep in mind that you are dealing with a ‘Test.’ A penetration test is like any other 
test in the sense that it is a sampling of all possible systems and configurations. Unless the contractor 


is hired to test only a single system, they will be unable to identify and penetrate all possible systems 
using all possible vulnerabilities. As such, any Penetration Test is a sampling of the environment. 
Furthermore, most testers will go after the easiest targets first. 


How Vulnerabilities Are Identified 


Vulnerabilities need to be identified by both the penetration tester and the vulnerability scanner. The 
steps are similar for the security tester and an unauthorized attacker. The attacker may choose to 
proceed more slowly to avoid detection, but some penetration testers will also start slowly so that the 
target company can learn where their detection threshold is and make improvements. 


The first step in either a penetration test or a vulnerability scan is reconnaissance. This is where the 
tester attempts to learn as much as possible about the target network as possible. This normally starts 
with identifying publicly accessible services such as mail and web servers from their service 
banners. Many servers will report the Operating System they are running on, the version of software 
they are running, patches and modules that have been enabled, the current time, and perhaps even 
some internal information like an internal server name or IP address. 


Once the tester has an idea what software might be running on the target computers, that information 
needs to be verified. The tester really doesn’t KNOW what is running but he may have a pretty gooc 
idea. 


The information that the tester has can be combined and then compared with known vulnerabilities, 
and then those vulnerabilities can be tested to see if the results support or contradict the prior 
information. 


In a stealthy penetration test, these first steps may be repeated for some time before the tester decides 
to launch a specific attack. In the case of a strict vulnerability assessment, the attack may never be 
launched so the owners of the target computer would never really know if this was an exploitable 
vulnerability or not. 


Why Perform Penetration Testing? 
Security breaches and service interruptions are costly 


Security breaches and any related interruptions in the performance of services or applications, can 
result in direct financial losses, threaten organizations’ reputations, erode customer loyalties, attract 
negative press, and trigger significant fines and penalties. A recent study conducted by the Ponemon 
Institute (2014 Cost of Data Breach Study: Global Analysis) reported the average cost of a dat 
breach for the affected company is now $3.5 million. Costs associated with the Target data breach 
that occurred in 2013 reached $148 million by the second quarter of 2014. 


It is impossible to safeguard all information, all the time 


Organizations have traditionally sought to prevent breaches by installing and maintaining layers of 
defensive security mechanisms, including user access controls, cryptography, IPS, IDS and firewalls 


However, the continued adoption of new technologies, including some of these security systems, and 
the resulting complexity introduced, has made it even harder to find and eliminate all of an 
organizations’ vulnerabilities and protect against many types of potential security incidents. New 
vulnerabilities are discovered each day, and attacks constantly evolve in terms of their technical and 
social sophistication, as well as in their overall automation. 


Penetration testing identifies and prioritizes security risks 


Penetration testing evaluates an organization’s ability to protect its networks, applications, endpoints 
and users from external or internal attempts to circumvent its security controls to gain unauthorized or 
privileged access to protected assets. Test results validate the risk posed by specific security 
vulnerabilities or flawed processes, enabling IT management and security professionals to prioritize 
remediation efforts. By embracing more frequent and comprehensive penetration testing, 
organizations can more effectively anticipate emerging security risks and prevent unauthorized access 
to critical systems and valuable information. 


Pen test strategies 
Targeted testing 


Targeted testing 1s performed by the organization's IT team and the penetration testing team working 
together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test 
being carried out. 


External testing 


This type of pen test targets a company's externally visible servers or devices including domain name 
servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside 
attacker can get in and how far they can get in once they've gained access. 


Internal testing 


This test mimics an inside attack behind the firewall by an authorized user with standard access 
privileges. This kind of test is useful for estimating how much damage a disgruntled employee could 
cause. 


Blind testing 


A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the 
information given to the person or team that's performing the test beforehand. Typically, they may only 
be given the name of the company. Because this type of test can require a considerable amount of time 
for reconnaissance, it can be expensive. 


Double blind testing 


Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one 
or two people within the organization might be aware a test is being conducted. Double-blind tests 
can be useful for testing an organization's security monitoring and incident identification as well as its 
response procedures. 


Four distinct pen testing service offerings you can provide customers to ensure they have full 
coverage. 


Vulnerability scanning 


This is a straightforward opportunity and a mature offering. The biggest question you'll face is 
whether to resell a service offering (like that from Qualys) or to buy a tool and use it internally to 
scan your customer's networks and systems. Scanning is one of the requirements for nearly every 
regulation, so this is an easy step along the path to security assurance, since all of your regulated 
customers need to scan. 


Infrastructure pen testing 


This offering involves a tool that uses live exploits, like Metasploit or Core Impact. You'll use live 
ammunition, so orchestrate these tests with the client to ensure the minimum amount of disruption. 
You should test all externally visible IP addresses -- that's what the bad guys out there can see and 
are likely trying to penetrate. You may also want to see what you can find if you attach to a 
conference room network, one of the softest parts of a customer's defenses. 


Application pen testing 


Trying to break into applications is probably the most important step nowadays, given that so many 
attacks directly target applications. You can use a Web application scanner (HP's WebInspect, IBM's 
AppScan), but you should also invest in some people that know how to exploit application logic 
errors. There's no substitute for a skilled application tester to determine what's broken in an 
application. Once the initial application is compromised, go directly after the database, where the 
valuable stuff is. If you can get into the database, the customer is owned. It's much better for you to 
figure this out than a malicious hacker. 


User testing 


This is actually the most fun task for penetration testers. You get to see how gullible most users are. 
This type of testing can involve emailing fake messages to customer service reps, trying to talk your 
way into the facility (past security or the receptionist) or even dropping thumb drives in the parking 
lot to see who will plug them into their machines. Many folks are against social-engineering end 
users, but not me. Remember, malicious hackers don't have a set of rules. They use social engineering 
because it works. Don't let social engineering surprise your customer and catch them off-guard. 


PENETRATION TESTING TOOL 


Reconnaissance Tools 


Reconnaissance often begins with searches of internet databases including DNS registries, WHOIS 
databases, Google, on-line news sources, business postings, and many other on-line resources. The 
reconnaissance phase often includes print media as well, specifically electronically searchable 
archives that would be found at a college library or large public library. 


Nmap 


Nmap is a popular port scanning tool. Port scanning is typically a part of the reconnaissance phase of 
a penetration test or an attack. Sometimes attackers will limit their testing to a few ports while other 
times they will scan all available ports. To do a thorough job, a vulnerability scanner should scan all 
port and, in most cases, a penetration tester will scan all ports. An actual attacker may choose to not 
scan all ports if he finds a vulnerability that can be exploited because of the “noise” (excess traffic) a 
port scanner creates. 


Another capability of nmap is its ability to determine the operating system of the target computer. 


Different networking implementations will respond differently to different network packets. Nmap 
maintains a type of database and will match the responses to make a guess at what type of operating 
system the target computer 1s running. This OS detection isn’t perfectly accurate but it can help the 
attacker tailor his attack strategy, especially when coupled with other pieces of information. 


Nessus 


Nessus is a popular vulnerability scanner that many security professionals use regularly. Nessus has a 
huge library of vulnerabilities and tests to identify them. In many cases, Nessus relies on the 
responses from the target computer without actually trying to exploit the system. Depending on the 
scope of a vulnerability assessment, the security tester may choose an exploitation tool to verify that 
reported vulnerabilities are exploitable. 


Nessus includes port scanning and OS detection, so sometimes a vulnerability assessment will just 
use Nessus and let Nessus call nmap or other scanners for these components of the test. For a stealthy 
scan, a security professional or an attacker may choose to run these tools separately to avoid 
detection. 


Packet Manipulation and Password Cracking Tools 


There are many other reconnaissance tools within the penetration tester arsenal, but two categories 
bear special mention here: packet manipulation tools and password cracking tools. The former 
category includes tools like hping that allows a penetration tester or attacker to create and send all 
types of specially crafted TCP/IP packets in order to test and exploit network-based security 
protections, such as firewalls and IDS/IPS. The password cracking category includes tools like Joh 
the Ripper or Cain and Able, which is used to detect and obtain weak password for multiple 


authentication mechanisms, such as the ones supported by most Unix and Windows operating systems. 


Exploitation Tools 


Exploitation tools are used to verify that an actual vulnerability exists by exploiting it. It’s one thing 
to have vulnerability testing software or banners indicate the possibility of an exploitable service, but 
quite another to exploit that vulnerability. Some of the tools in this category are used by both attackers 
and penetration testers. There are many more exploitation tools than the ones listed here. Many tools 
in this category are single-purpose tools that are designed to exploit one vulnerability on a particular 
hardware platform running a particular version of an exploitable system. The tools that we’ve 
highlighted here are unique in the fact that they have the ability to exploit multiple vulnerabilities on a 
variety of hardware and software platforms. 


Metasploit Version 2.5 


Metasploit is a relatively new addition to the penetration tester’s tool belt. It provides attack libraries 
attack payloads that can be put together in a modular manner. The main purpose of Metasploit is to get 
to a command prompt on the target computer. Once a security tester has gotten to a command-line, it is 
quite possible that the target computer will be under his total control in a short time. The currently 
released version of Metasploit Framework as of June, 2006 is version 2.5. Version 3.0 is expected 
out shortly. 


This is a tool that attackers would use to take over, or own, a computer. Once an attacker can gain this 
level of access to a computer, they would often install code that would allow them to get back onto 
the computer more easily in the future. In some cases, a penetration tester would also install tools on 
the computer, but often they would simply document the access and what data was available and 
move on to other testing. 


This would depend on the defined scope of the testing. The security professional also would want to 
be careful about causing data loss or server instability that may result in lost productivity. A 
malicious attacker may be more cavalier about using the computer without regard to lost productivity, 
though a highly skilled attacker targeting a specific company may be very careful not to damage the 
system so that they can avoid detection. 


SecurityForest Exploitation Framework 


Although still technically in Beta version, the SecurityForest Exploitation Framework is anothe: 
open-source tool that can be leveraged by penetration testers. This framework leverages a collection 
of exploit code known as the ExploitTree, and the Exploitation Framework is a front-end GUI tha 
allows testers to launch exploit code through a Web browser (similar to Metasploit’s Web interface). 
The Framework is very similar to Metasploit, in fact, with a few key differences. ExploitTree has < 
remarkable number of exploits included, but the vast majority of these are in pre-compiled format 
(most likely in a C file) or exist as Perl executables. 


They are also not natively integrated into the Framework. This framework is not nearly as extensible 
as some other tools; it primarily functions as a GUI to launch attacks from. 


CORE IMPACT (version 5.1) 


CORE IMPACT is a commercial penetration testing tool that combines a healthy dose o 
reconnaissance with exploitation and reporting into one point and click penetration testing tool. The 
main purpose of CORE 


IMPACT is to identify possible vulnerabilities in a program, exploit those vulnerabilities without! 
causing system outages, and clearly document every step along the way so that the entire procedure 
can be verified by another party. 


The CORE IMPACT penetration testing tool makes is easy for a network administrator or penetratio: 
tester to run tests against a network or host without having a whole suite of security testing utilities. 
Overall, we found the program to do a good job of scanning the network for vulnerabilities, 
successfully exploiting them, and reporting on the results. 


One really slick feature of CORE IMPACT is the ability to install an agent on a compromise: 
computer and then launch additional attacks from that computer. This proved useful in an actual 
penetration testing assignment by allowing the tester to compromise one machine and from there run 
automated scans inside the network looking for additional machines. Those scans weren’t quite as 
good as actually being on-site, but it did allow us to discover internal hosts from outside the network. 


For most systems, CORE IMPACT will work well, but as Core Security Technologies states in thei 
documentation, it isn’t meant to be a replacement for an experienced penetration tester. One of the 
areas we ran into some trouble on was when a single IP address had different ports mapped to 
different servers with different operating systems. Sometimes CORE IMPACT would identify a hos 
as having a given operating system and then refuse to launch a vulnerability against a service that did 
not match that operating system. In one tested network, a single public IP address was in use by three 
different computers: an Exchange server, an IIS web server, and a Linux computer running SSH. Thi 
OS had been identified as being in the Linux family so an attack against IIS vulnerability wasn’t ar 
option. We were able to work around this by re-scanning the machine using only the ports that 
mapped to the Windows system. 


As a commercial vendor, Core Security Technologies does a lot of testing of their exploit code to 
ensure that it will not adversely affect the target hosts. In testing CORE IMPACT, we found that i 
was rare for it to crash systems. There was one case where an unpatched Windows 2003 server 
rebooted a few times in different testing scenarios. Later, the same test was used to exploit the system 
and gain access to a command prompt. Other than this one test against an unpatched Windows 2003 
server, we did not crash any systems. 


The reporting feature of CORE IMPACT is quite good. It includes an executive report, a report the 
lists vulnerabilities and all the machines affected by those vulnerabilities, a detailed report of all 
hosts and an exhaustive report of every test that was run, when it ran, how long it ran and detailed 
results of the running. 


This last report is one that you don’t need very often but if you do need it, it has all the details do 
duplicate a test. Keeping accurate notes is one of the most difficult and time consuming tasks for a 
pen-tester because often many tests are attempted with small variations to the test. CORE IMPAC? 
makes it easy to go back and find any steps that weren’t properly recorded. 


Manual Penetration Test 


Manual penetration testing layers human expertise on top of professional penetration testing software 
and tools, such as automated binary static and automated dynamic analysis, when assessing high 
assurance applications. A manual penetration test provides complete coverage for standard 
vulnerability classes, as well as other design, business logic and compound flaw risks that can only 
be detected through manual testing. 


Penetration Testing Methodology 


Once the threats and vulnerabilities have been evaluated, the penetration testing should address the 
risks identified throughout the environment. The penetration testing should be appropriate for the 
complexity and size of an organisation. All locations of sensitive data; all key applications that store, 
process or transmit such data; all key network connections; and all key access points should be 
included. The penetration testing should attempt to exploit security vulnerabilities and weaknesses 
throughout the environment, attempting to penetrate both at the network level and key applications. 
The goal of penetration testing is to determine if unauthorised access to key systems and files can be 
achieved. If access is achieved, the vulnerability should be corrected and the penetration testing re- 
performed until the test is clean and no longer allows unauthorised access or other malicious activity. 


CHAPTER 11 
WINDOWS HACKING TRICKS 


Windows Hacking 


Windows hacking is the practice of modifying Windows Operating System to accomplish a goal 
outside of the creator’s original purpose. People who engage in hacking activities are often called 
hackers. Since the word “hack” has long been used to describe someone who is incompetent at 
his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition 
to their skills. Windows hacking is most common among teenagers and young adults, although there 
are many older hackers as well. 


REGISTRY EDITOR RELATED HACKING 


What is Windows Registry? (Registry Editor) 


Windows Registry is a database used to store information that is necessary to configure the system for 
one or more users, applications and hardware devices and it keeps record of the settings of all the 
Software installed in Computer including Operating System. 


To open Registry Editor: Start > All Programs > Accessories > Run > regedit 


I| file Edit View Favorites Help 


a | Computer 
A HKEY_CLASSES_ROOT 
KEY cu 


RRENT_USER 
J WKEY_LOCAL_MACHINE 
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Ji HKEV_CURRENT_CONFIG 


Registry Editor Window 


Windows Registry contains Five Hives and hives contain Keys and Sub keys and their respective 
Values. 


HKEY CLASSES ROOT: The information that is stored here makes sure that the correct program 
opens when you open a file by using Windows Explorer. 


HKEY CURRENT_USER: Contains the configuration information for the user who is currently 
logged on. The user’s folders, screen colors, and Control Panel settings are stored here. 


HKEY LOCAL MACHINE: Contains configuration information particular to the computer (for any 
user). 


HKEY USERS: Contains all the actively loaded user profiles on the computer. 
HKEY CURRENT USER is a subkey of HKEY USERS. 


HKEY CURRENT CONFIG: Contains information about the hardware profile that is used by the 
local computer at system startup. 


Types of Keys 


Binary Value (REG_BINARY):Raw binary data. Most hardware component information is stored 
as binary data and is displayed in Registry Editor in hexadecimal format 


DWORD Value (REG _DWORD):Data represented by a number that is 4 bytes long (a 32-bit 
integer). Can also contain binary, hexadecimal, or decimal format 


Expandable String Value (REG EXPAND _SZ):A variable-length data string. This data type 
includes variables that are resolved when a program or service uses the data 


String Value (REG_SZ): A fixed-length text string 


Multi-String Value (REG MULTI SZ):Values that contain lists or multiple values in a form that 
people can read are generally this type. 


Disclaimer: Modifying the registry can cause serious problems that may require you to reinstall your 
operating system. We cannot guarantee that problems resulting from modifications to the registry can 


be solved. Use the information provided at your own risk. 


Back up the registry 


Before you make changes to aregistry key or subkey, we recommend that you export, or make a 
backup copy, of the key or sub key. You can save the backup copy to a location you specify, such as a 
folder on your hard disk or a removable storage device. If you make changes that you want to undo, 
you can import the backupcopy. 


l. 


2. 
3. 
. In the Save in box, select the location where you want to save the backup copy to, and then 


Tips: 


Open the Registry Editor by clicking the Start button, typing regedit into the search box, 
and then pressing Enter. 

Locate and click the key or subkey that you want to back up. 

Click the File menu, and then click Export. 


type a name for the backup file in the Filenamebox. 


. Click Save. 


You must be logged on as an administrator to perform these steps. If you aren't logged in as 
an administrator, you can only change settings that apply to your user account. 

Although you can back up more than just the registry key or subkey that you are modifying, 
doing so adds to the size of the backup file. 


Ultra-speed Shutdown of Windows 7 


Follow the following steps to shutdown your Computer with ultra-speed 


l. 


2: 


3. 


Open the Registry Editor by clicking the Start button, typing regedit into the search box, 
and then pressing Enter. 

In left pane of Registry Editor, go to 
HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Control 

In the right pane, right click on WaitToKillService Timeout and click on Modify. 


4. Type in a number between 2000-20000 (2-20 seconds) and click on OK. 


NOTE: The default time is 12000 (72 seconds). 
5. Close regedit. 
6. After rebooting (restart) Windows the new settings will take effect. The time to wait for 
terminating services will be faster and shutdown won’t drag on forever. 


NOTE: If you have problems with programs from your computer shutting down too quickly, ther 
repeat the above steps and increase the time (Step 5) a bit. 


Change the log-on screen of Windows 7 


l. 
2; 


6. 


Press Windows Logo key + R to open Run, type regedit and press Enter. 

Go to: 

HKEY LOCAL MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentica 
LogonUI\Background 

Double-click the OKEMBackground DWORD key and Set value of the key to 1. 

Select a background image for logon screen with size less than 256 KB and Rename that 
image as BackgroundDe fault. 


. Copy that image, Open My Computer and go to 


C:\Windows\system32\oobe\info\backgrounds folder 
Paste it and select Copy and Replace. 


Tips: Cut and paste the original log-on Screen image in a folder for further use. 
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Reboot, and now your logon image would have changed. 


Disable or Enable USB Ports/USB drive/Pen-Drive in Windows 7 


Its really very easy to enable and disable a USB port of your Laptop and desktop computer. Many 
companies disabled their employee’s laptop to prevent data threat. Also many schools, colleges and 
universities block the USB ports of their computer. So, here is the easy way to enable USB ports 
access it and disable it back. 


l. 
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Open the Registry Editor by clicking theStart button, typing regedit into the search box, 
and then pressing Enter. 

In left pane of Registry Editor, go to 
HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR 

Right Click Start and Click Modify on right pane of Registry Editor. 


4. Do one of the following: 
e To enable USB ports: change the value from 4 to 3 
e To disable USB ports: change the Value from 3 to 4 
5. After rebooting (restart) Windows the new settings will take effect. The time to wait for 
terminating services will be faster and shutdown won’t drag on forever. 


How to Display Legal Notice on Start up of your Windows 


If your PC has multiple users then you can display legal notice to every user before they login to your 
PC. This legal notice will be displayed at every startup just before the Desktop is loaded. Using this 
you can tell your friends about the do’s and don’ts in your computer when they login in your absence. 
To do this: 


1. Click on Start button and type regedit and press Enter 
2. Navigate to the following key in the registry 
HKEY LOCAL MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\sys 

3. On the right side pane look for legalnoticecaption, double click on it and enter the desired 
Legal Notice Caption. 

4. Next below this look for legalnoticetext and enter the desired Legal Notice Text. The legal 
notice text can be up to a page in its size so that it can include a set of do’s and don’ts for 
your computer. 

5. After you does this just restart your computer and upon the next startup you can see the legal 
notice information for your computer. 


Faster Thumbnail Previews 


The taskbar shows thumbnail previews of opened windows when you hover the mouse over the 
program icon. By default, it takes a little time for the preview to appear. Make the previews appear 
faster with this registry tweak: 


1. Open the Registry Editor by clicking the Start button, typing regedit into the search box, 
and then pressing Enter. 

2. Navigate to HKEY CURRENT_USER\Control Panel\Mouse. 

3. On the right, open the MouseHoverTime key and reduce its value from the default 400 to 
around 150. (Be careful, as decreasing the key further may cause problems.) 

4. After rebooting (restart) Windows the new settings will take effect. 


Disable Right-Click 


This trick removes the context menu that would normally appear when the user right clicks on the 
desktop or in the Explorer right results pane. 


1. Open the Registry Editor by clicking the Start button, typing regedit into the search box, 
and then pressing Enter. 
2. Browse to this key in the registry: 
HKEY Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer 
3. Change the value of NoViewContextMenu to 1. 
4. Now close the registry editor and restart your computer after any changes to go into effect. 


Tips: If NoViewContextMenudoesn't exist then you can create it. Right click in the right-hand pane; 
select New, then DWORD (32-bit) Value for 32 bit on Windows 7. 


How to Disable or Enable Folder Options in Windows 7 
Disable Folder Options in Windows 7 


1. Click the Start button, and type regedit in the search box. 
2. Browse the list as 


HKEY CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer 
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Rename 
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4. Name it NoFolderOptions. 
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5. Double click on it to set its value data to 1. 


Edt DWORD 02-bit) Value 


Enable Folder Options in Windows 7 


Double click on the value named NoFolderOptions to set its value data to 0. 


Clean up the “Open With” Menu in Explorer 


Have you ever accidently opened an mp3 with Notepad, or a zip file with Word? If so, you’re also 
likely irritated that these programs now show up in the Open with menu in Windows Explorer every 
time you select one of those files. Whenever you open a file type with a particular program, 
Windows will add an entry for it to the Open with menu. Usually this is helpful, but it can also clutter 
up the menu with wrong entries. On our computer, we have tried to open a PDF file with Word and 
Notepad, neither which can actually view the PDF itself. Let’s remove these entries. To do this, we 
need to remove the registry entries for these programs. 


1. Enter regedit in your Start menu search or in the Run command to open the Registry 
editor. 


Tips: Backup your registry first just in case, so you can roll-back any changes you make if you 
accidently delete the wrong value. 


2. Now, browse to the following key: 


HKEY CURRENT _USER \Software \Microsoft \Windows \CurrentVersion \ Explor 
\File Exts\ 


3. Now, you will see a list of all the file extensions that are registered on your computer. 
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4. Browse to the file extension you wish to edit, click the white triangle beside it to see the 
subfolders, and select OpenWithList. In our test, we want to change the programs 
associated with PDF files, so we select the OpenWithList folder under .pdf. 

5. Notice the names of the programs under the Data column on the right. Right-click the value 
for the program you don’t want to see in the Open With menu and select Delete. 

6. Click Yes at the prompt to confirm that you want to delete this value. 

7. Repeat these steps with all the programs you want to remove from this file type’s Open with 
menu. Youcan go ahead and remove entries from other file types as well if you wish. 

8. Restart the computer and check out the Open with menu in Explorer again. Now it will be 
much more streamlined and will only show the programs you want to see. 


Add Recycle Bin to My Computer in Windows 7 


To add the Recycle Bin on My Computer, follow the steps: 


1. Open up regedit.exe through the start menu search or run box 
2. Go to: 

HKEY LOCAL MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explor 
3. Now right-click and create a New Key 
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4. Name the key with the following text as shown in the below figure: 
{645FF040-5081-101B-9F08-00AA002F954E} 


Registry Ector x 
fie Eom View Favorites Help 
4- MyComouter 
a 


l 

i anups 
i DefragPath 
b 


L Detegatefoider 
D. (645FF040-5081-1018-9F08-00AA002F954E 
L NetworkNeignborhood 


5. Close the Registry Editor and Open My Computer. 


Add Control Panel to My Computer in Windows 7 
To add the Control Panel on My Computer, follow the steps: 


1. Open up regedit.exe through the start menu search or run box 
2. Go to: 

HKEY LOCAL MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explor 
3. Now right-click and create a New Key 


4. Name the key with the following text as shown in the below figure 
{26EE0668-A00A-44D7-937 1-BEB064C98683 } 
Or 
{21EC2020-3 AEA-1069-A2DD-08002B30309D} 
Tips: 


e Category View 
{26EE0668-A00A-44D7-9371-BEB064C98683 } 
e Icon View 
{21EC2020-3 AEA-1069-A2DD-08002B30309D} 
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5. Close the Registry Editor and Open My Computer. 


LOCAL GROUP POLICIES RELATED HACKING 
Want to know: What happened in your absences on your PC? 


1. Press Windows logo key + R to open Run 

2. Type eventvwr.msc and press Enter. Then Event Viewer window will open. (Events are 
stored in three log files: Application, Security, and System. These logs can be reviewed 
and archived. For our purposes we want the System log. ) 
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3. Click on Windows Log and then double-click on System in the left-hand column for a list 
of events. 
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4. Look for a date and time when you weren’t home and your computer should have been off. 
Double click on the eg: Information and it will show u the detail. 


Tips: You can also use this log to see how long someone was on the computer. Just look at the time 
the computer was turned on and off for that day. 


How to Disable Shutdown, Restart, Sleep and Hibernate 


Someday, you might want to make a computer could not be turned off easily. For example because 
you are running a program that needs a long time to wait (download a big file, rendering a video, etc.) 
and you have to leave the room. To prevent anyone else to turn off the computer, then one way is to 
disable the function of Shutdown, Restart, Sleep or Hibernate menu. 


Follow these easy steps to disable Shutdown, Restart, Sleep and Hibernate: 


1. Click Start button, type gpedit.msc in the Start menu’s search box and then press Enter. 
Local Group Policy editor window will open. 
2. Go to User Configuration > Administrative Templates > Start Menu And Taskbar 
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3. In the right pane, find the Remove and Prevent Access to the shutdown, Restart, Sleep 
and Hibernate. Then double click on it. 
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4. Select Enable, and then click OK. 
Tips: 


e To make it back in to the normal function, just follow all the steps above, except for the last 
one; you need to change back the option from Enable to Disable. 

e When being in a state of disable, in fact we can still shutdown the computer. The way is by 
typing the below instructions in the search (Windows 7) and press Enter. 


shutdown /s (for shutdown) 


shutdown /r (to restart) 


How to Disable Access to the Registry in Windows 7 


If you don’t know what you’re doing in the Registry, you can mess up your computer pretty good. This 
trick helps you to prevent users from accessing the Registry and making any changes to it. 


To do this using Local Group Policy Editor: 
Tips: This method uses Group Policy Editor which is not available in Home versions of Windows. 


1. Type gpedit.msc into the Search box in the Start menu 

2. When Group Policy Editor opens, navigate toUser Configuration \ Administrative 
Templates then select System. Under Setting in the right panel double-click on Prevent 
access to registry editing tools. 
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3. Select the radio button next to Enabled, click OK, then close out of Group Policy Editor. 
4. Now ifa user tries to access the Registry, Then he will get the following message advising 
they cannot access it. 
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x) Registry editing has been disabled by your administrator. 


Prevent access to the command prompt 
This trick helps you to prevent users from accessing the Command prompt. 


1. Type gpedit.msc into the Search box in the Start menu 

2. WhenGroup Policy Editor opens, navigate to User Configuration \ Administrative 
Templates then select System. Under Setting in the right panel double-click on Prevent 
access to the command prompt. 
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3. Select the radio button next to Enabled, click OK, and then close out of Group Policy 
Editor. 


How to show or hide Control Panel items in Windows 7 


One of the common lock down’s that administrator apply to Remote Desktop Services Servers is tc 
remove all but the essential control panel items. The .cpl (e.g. timedate.cpl) file name of the control 
panel item you wanted to show or hide however this has changed in Windows 7 and you now need to 
use the Canonical Name when hiding or showing specific items. Below I will explain the new way o: 
configuring control panel items for Windows 7 and show you the affect that this has on the control 
panel. 


Before you begin I recommend that you take a look at the below table which lists all the Canonical 
names for the control panel items for Windows 7. You will need to know what Canonical names of 
the item you want to restrict or allow. 


Windows 7 Control Panel Canonical Names 


The following canonical names are defined for Control Panel items in Windows 7. Not all Contro 
Panel items are available on all varieties of Windows and some Control Panel items might appear 
only when appropriate hardware is detected. 


Control Panel Canonical name 
Item 


Action Center Microsoft. ActionCenter 
Administrative Microsoft. Administrative Tools 
Tools 

AutoPlay Microsoft. AutoPlay 

Backup and Microsoft.BackupAndRestore 
Restore 

Biometric Microsoft.BiometricDevices 
Devices 

BitLocker Microsoft.BitLockerDriveEncryption 
Drive 

Encryption 

Color Microsoft.ColorManagement 
Management 

Credential Microsoft.CredentialManager 


Manager 


Date and Time 
Default 
Location 
Default 
Programs 
Desktop 
Gadgets 
Device 
Manager 
Devices and 
Printers 
Display 

Ease of Access 
Center 

Folder Options 
Fonts 

Game 
Controllers 
Get Programs 
Getting Started 
HomeGroup 
Indexing 
Options 
Infrared 
Internet 
Options 

iSCSI Initiator 
Keyboard 
Location and 
Other Sensors 
Mouse 
Network and 
Sharing Center 
Notification 
Area Icons 
Offline Files 
Parental 
Controls 

Pen and Touch 
People Near 
Me 
Performance 
Information and 
Tools 
Personalization 
Phone and 
Modem 
Power Options 
Programs and 
Features 
Recovery 
Region and 
Language 
RemoteApp 


Microsoft.DateAndTime 
Microsoft.DefaultLocation 


Microsoft.DefaultPrograms 
Microsoft.DesktopGadgets 
Microsoft.DeviceManager 
Microsoft.DevicesAndPrinters 


Microsoft.Display 
Microsoft.EaseOfAccessCenter 


Microsoft.FolderOptions 
Microsoft.Fonts 
Microsoft.GameControllers 


Microsoft.GetPrograms 
Microsoft.GettingStarted 
Microsoft. HomeGroup 
Microsoft. IndexingOptions 


Microsoft.Infrared 
Microsoft. InternetOptions 


Microsoft.iSCSIInitiator 
Microsoft.Keyboard 
Microsoft.LocationAndOtherSensors 


Microsoft.Mouse 
Microsoft.NetworkAndSharingCenter 


Microsoft.NotificationArealcons 


Microsoft.OfflineFiles 
Microsoft.ParentalControls 


Microsoft.PenAndTouch 
Microsoft.PeopleNearMe 


Microsoft.P erformanceInformationAndTools 
Microsoft.Personalization 
Microsoft.PhoneAndModem 


Microsoft.P owerOptions 
Microsoft.ProgramsA ndFeatures 


Microsoft.Recovery 
Microsoft.RegionA ndLanguage 


Microsoft.RemoteAppAndDesktopConnections 


and Desktop 


Connections 

Scanners and Microsoft.ScannersAndCameras 
Cameras 

Sound Microsoft.Sound 

Speech Microsoft.SpeechRecognition 
Recognition 

Sync Center Microsoft.SyncCenter 

System Microsoft.System 

Tablet PC Microsoft. TabletP CSettings 
Settings 

Taskbar and Microsoft. TaskbarAndStartMenu 
Start Menu 

Text to Speech Microsoft.TextToSpeech 
Troubleshooting Microsoft. Troubleshooting 

User Accounts Microsoft. UserAccounts 
Windows Microsoft. WindowsAnytime Upgrade 
Anytime 

Upgrade 

Windows Microsoft.CardSpace 
CardSpace 

Windows Microsoft. WindowsDefender 
Defender 

Windows Microsoft. Windows Firewall 
Firewall 

Windows Microsoft.MobilityCenter 
Mobility Center 

Windows Microsoft. WindowsSideShow 
SideShow 

Windows Microsoft. WindowsUpdate 
Update 


To hide Control Panel items in Windows 7, do the followings: 


1. Type gpedit.msc into the Search box in the Start menu 

2. W h e nGroup Policy Editor opens, navigate to User 
Configuration\Policies\Administrative Templates\Control Panel Under Setting in the 
right panel double-click on Hide specified Control Panel items. 


T Software Settings * | Setting 

a owe S 4, 
| Windows Settings H Personalization 
| Adrnanistrative Terry 


a ` Printers 

_ Control Panel E Program: 

= Desktop Diaan n 

I Network _~ Regional and Language Options 
D Shared Folders | | $8 


Start Menu end 1° | E Always open All Control Panel Items when opening 
System i Prohibit access to the Control Panel 


ó [u (i 


Windows Compe L Show only specified Control Panel items 


All Settings - 


4 settingis) 


3. Select the radio button next to Enabled, Click Show button. 
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4. Then Show Content dialog-box will appear. Type the required Canonical names and click 
OK. 
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List of disallowed Control Panel items 


For example: If i want to hide Action Center, then I will type Microsoft. ActionCenter in the Value 
field. 


5. Click OK, and then close out of Group Policy Editor. 


Note: In this example we are only going to hide the control panel items we want to see (white list) 
however if you use the Show specified Control Panel items policy setting you can black list only the 
items you don’t want listed. 
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How to Disable Control Panel in Windows 7 


If you have a shared computer that your family and friends can access, you might not want them to 
mess around in the Control Panel, and fortunately with a simple tweak you can disable it. 


1. Type gpedit.msc into the Search box in the Start menu 


2. WhenGroup Policy Editor opens, navigate to User Configuration \ Administrative 
Templates then select Control Panelin the left Column. In the right column double- 
click on Prohibit access to the Control Panel. 
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3. Select the radio button next to Enabled, click OK, and then close out of Group Policy 
Editor. 

4. After the Control Panel is disabled, you’ ll notice it’s no longer listed in the Start Menu. 

5. Ifthe user tries to type Control Panel into the Search box in the Start menu, they will get the 
following message indicating it’s restricted. 


K Restrictions 


[x] This operation hes been cancelled due to restrictions in effect on this computer. Please 
contact your system administrator 


Disable Windows Hotkeys 


1. Click Start button, type gpedit.mse in the Start menu’s search box and then press Enter. 
Local Group Policy editor window will open. 

2. Navigate to User Configuration > Administrative Templates > Windows Components 
and then select Windows Explorer in the left column of the LocalGroup Policy editor. 
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3. Double-click Turn off Windows+X Hotkeys in the Settings section of the Group Policy 
editor. 
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4. Select Enable and then click OK to save the changes. 


SHORTCUTS RELATED HACKING 
One Click Shutdown / Restart / LogOff / Sleep / Hibernate — (Creating a Shortcut) 


Windows operating System has come with a remote shutdown tool to shut down and restart Windows. 
You can control this tool through the command line, but a much faster alternative is to create a 
shortcut. 


1. Right-click your Windows 7 desktop and select New>Shortcut 
2. Type shutdown.exe -s -t 00 in the location field 
3. Click Next, give a name to the shortcut, e.g. Shut Down Computer, and click Finish. 


4. Double-click the shortcut to instantly shut down the system. (For Single Click Follow the 
below tips) 


e To Customize the Shortcut icon — Right-click on the shortcut > ClickProperties > Click 
Change Icon> Choose an icon > Click OK> Click OK 

e You can pin this shortcut from the desktop to the taskbar by right-click on the shortcut and 
click Pin to Taskbar. 
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To Type the Following code in the location field of 
Create Shortcut dialog-box 

Shutdown shutdown.exe -s -t 00 

Restart shutdown.exe -r -t 00 

Logoff shutdown.exe -l 


Hibernate rundll32.exe PowrProf.dll,SetSuspendState 


Sleep rundll32.exe powrprof.dll,SetSuspendState 0,1,0 


How to pin My Computer to Windows 7 taskbar directly 


Windows 7 has come out with lots of new and exciting features. You may have noticed that, we can’t 
open My Computer directly from Windows 7 Taskbar. If we drag & drop My computer to taskbar, it 
gets pinned to windows explorer rather than creating a new place for itself. Windows explorer opens 
libraries which irritates me and quite a lot of users. So, let’s pin My Computer to Windows 7 taskbar. 


1. Right click on Desktop, and select New>Shortcut 
2. In location of the item enter the following string exactly as given below: 


%SystemRoot%\explorer.exe /E,::{20D04FE0-3 AEA-1069-A2D8-08002B30309D} 
r ieee | 


a Creste Shortcut 


4. A new shortcut of My Computer placed on desktop. It has the same icon like that of 
Windows explorer. You can change its icon if you wish. 
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After change the icon My Computer 
5. To pin the shortcut to Windows 7 Taskbar, just right click on it and select Pin to Taskbar. 


6. Your direct shortcut to My Computer is pinned on taskbar now. 


Lock your computer in single click 


You can lock your computer using the Windows logo key + L keyboard shortcut. Here’s another way 
to do it with a single mouse click. 


1. Right-click on your desktop and select New>Shortcut. 

2. In Type the location of the item field, type rundll32.exe user32.dll,LockWorkStation. 

3. Click Next, name the shortcut Quick Lock, and Finish. 

4. If you wish, you can make it look pretty by giving it a lock or keys icon: Right-click, 
selectProperties, click ChangelIcon, enter shell32.dll, and select any icon you wish. Click 
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5. Drag this shortcut and pin it to the taskbar, after which you can delete the desktop shortcut. 


Safety Remove Hardware from desktop 


1. Right Click on your desktop and Click on New and Click on Shortcut from the list. 
2. Type the below code in the location field as shown in below figure 


rundll32.exe shell32.dll Control RunDLL hotplug.dll 


This wizard helps you to create shortcuts to local or netwerk programs, fies, folders computen, of 
Internet addresves 


Type the location of the tem 
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Now click on Next 
4. Now give a desired Name for your Shortcut and Click on Finish. 


5. Now you have created a shortcut for Safety Remove Hardware on your desktop!!! Now 
whenever you want to eject your hardware device like pen drive, and then just double click 
on it and you can remove your Hardware device safely. 


NOTEPAD RELATED HACKING 
Dancing Keyboard Led Light Trick 


1. Open Notepad and type below codes into it. 
Set wshShell =wscript.CreateObject("WScript.Shell") 
do 
wscript.sleep 100 
wshshell.sendkeys "{CAPSLOCK}" 
wshshell.sendkeys "{NUMLOCK}" 
wshshell.sendkeys "{SCROLLLOCK}" 


loop 


2. Click File (from the Menu bar)and Save as the notepad file as anything.vbs (.vbs is must) 
3. Open your save file and see your keyboard led blinking like disco lights. 


Tips: How to stop this? 


First open Task Manager by pressing Ctrl +Alt +Delete 
Then go to Processes tab. 

Select wscript.exe 

Click on End Process. 
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Make your computer talk what you type! 
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This is very good and interesting javascript trick which let your computer speaks whatever you type. 
There is no requirement of any software. Just follow below simple steps. 


1. Open Notepad and type below codes into it. 
Dim message, sapi 
message=InputBox("What do you want me to say? ", "TALKING COMPUTER") 
Set sapi=CreateObject("sapi.spvoice") 
sapi.Speak message 


2. Click File (from the Menu bar)and Save as the notepad file as anything.vbs 
3. Open that save file. 
4. Type anything and click ok to make your computer talk whatever you typed. 


Pin a drive to the taskbar 


1. Open Notepad, and click on File (Menu bar) and Saveas. 
Tips: You will need to leave notepad blank. 
2. Navigate to your desktop. Under Save as type, change it to All Files (*.*), type in a name 
you want for this (ex: Drive C.exe) with the .exe file extension at the end, and click on the 
Save button. 


3. Close Notepad. 
4. Right click on the saved .exe file on your desktop (ex: Drive C.exe), and click on Pin to 
Taskbar. 
5. Right click on the pinned .exe icon on the taskbar, right click on the .exe file (ex: Drive 
C.exe) in the jump list, and click on Properties. 
Open 


® Run as administrator 
Unpin from Taskbar 


6. Inthe Start in field, make sure it's blank. In the Target field, change it to be the drive letter 
path (ex: C:\ ) that you want the pinned icon on the taskbar to open. Click onOK. (Just 
Looks Like the below image) 


7. Log off and log on, or restart the computer to have the icon on the taskbar to change to the 
correct drive icon afterwards. 


8. You can now drag the drive icon anywhere you like within the other pinned icons on the 


taskbar if you like. 
9. Youcan now delete the .exe file on your desktop (ex: Drive C.exe) if you like. 


Tips: To Unpin Drive from Taskbar: Right click on the pinned drive icon on the taskbar, and click on 
Unpin this program from taskbar. 


Shut-down the computer after conveying a message 


What this trick does is, after conveying a (any) message it shuts down the computer without any 
confirmation. In order to create the Shutdown file, follow the below mentioned steps: 


1. Open Notepad. 
2. Type the following code in it: 


@echo off 
msg * Shutting Down. 
shutdown -c “Hello the computer is shutting down! Bye” -s 


3. Click File (from Menu bar) and Select Save as. 

. Choose Desktop to save the file on desktop. 

. Inthe File name field type shutdownmsg.bat and click Save. 

. Double Click the batch file on desktop to execute the batch file. 


Nn A 


e Make sure the file name has .bat extension. 
e Use this carefully. The Computer shuts down the computer forcefully. 


Matrix Falling Code Effect 


Inspired by the movie Matrix, this falling code trick is extremely popular on social networking 
websites. Type the code given below in Notepad and save the file as "Matrix.bat" or anything.bat 
(File Extension must be .bat). Upon running the bat file, you will see the "Matrix falling code" effect. 


@echo off 
color 02 
:matrix tricks 


echo 
%Yrandom’o%orandom’o%orandom’o“orandom’o*orandom’%oorandom’o*orandom™%*orandom™% 


goto matrix tricks 


Make Your Keyboard Type (Any) Message Continuously 


This VBS trick can make keyboard type any message continuously. OpenNotepad, type the code 
given below and save the file as keyboard.vbs or anything.vbs (File Extension must be .vbs). 


Set wshShell = wscript.Create Object("WScript.Shell") 

do 

wscript.sleep 100 

wshshell.sendkeys "This is a Virus. You have been infected." 

loop 

Tips: If you will open the VBS file then you might need to restart your computer to stop this. 


Continuously eject CD/DVD drives 


This VBS trick will create a code which will continuously eject all your connected Optical drives. I 


you put them back in, it will pop them out again. Type the code given below in Notepad as eject.vbs 
or anything.vbs (File Extension must be .vbs) 


Set oWMP = Create Object("WMPlayer.OCX.7") 
Set col CDROMs = oWMP.cdromCollection 
do 

ifcolCDROMs.Count>= 1 then 

For i= 0 to col CDROMs.Count - 1 
colICDROMs.Item(i).Eject 

Next 

For i= 0 to col CDROMs.Count - 1 

col CDROMs. Ite m(i).Eject 

Next 

End If 

wscript.sleep 5000 

loop 


Double click to open this file and you will be impressed by this awesome trick. 


Notepad trick to use it as a Diary 


Eile Edit Format View Help 
LOG 
8:38 AM 29-Nov-12 


Open Notepad. 

Type .LOG 

Save the file as LOG.txt 

Write anything in it and it will be saved with the time when you edit it. 


Pee ee 


World Trade Center Notepad Trick 


ile Edit Format View Help 


+ EES 


Open Notepad. 

Type the flight number Q33N 

Go to Format > Font and then Change the Font to Wingdings 
Increase the Font Size to 72, Click OK. 


ee a 


MISCELLANEOUS RELATED HACKING 
Increase Windows Boot Up Speed 
Increase the speed of Startup 


1. Press Windows logo key + R to open Run 
2. Type msconfig and press Enter. The System Configuration window appears. 
3. Go to Boot tab and change Timeout to 5 sec from 30. Then click OK. 


Remove Unwanted Startup Programs 


1. Press Windows logo key + R to open Run 

2. Type msconfig and press Enter. The System Configuration window appears. 

3. Go to Services or Startup tab. 

4. Uncheck the programs that you are no longer want to run in the background. Then click OK. 


Defragmentation of Hard Drive 


1. Go to Start > All Programs > Accessories > System Tools > Disk Defragment 
2. Select the Disk(s). If you want to select all disks, then hold Ctrl key and click the disks. 
3. Click Analyze disks and after analyzing is over click on Defragment disks. 


Delete Temporary & Recent files from your PC regularly 
Delete Temporary files 


1. Press Windows logo key + R to open Run 

2. Type %temp% and press Enter. Now the folder of temporary files will be open. 

3. Select all files by pressing Ctrl + A, press Delete and then Enter (You may press Shift + 
Delete to delete those files permanently) 


Tips: If a popup window (File In Use windows) opens, then Skip those items. 
Delete Recent files 


1. Press Windows logo key + R to open Run 

2. Type recent and press Enter. Now the folder of recent files will be open. 

3. Select all files by pressing Ctrl + A, press Delete and then Enter (You may press Shift + 
Delete to delete those files permanently) 


Scan disk regularly for fix issues 


1. Open My Computer and right click on C: drive. 
2. Select Properties. A popup menu will be open. Then click on Tools tab. 
3. Under Error-Checking Option click on Check Now and fix issues. Then click Start. 


Tips: If you have any other drives like D:, E: etc., then scan those disks also. 


Speed up the Windows 7 


Windows 7 is starved for resources. It features many visual effects that draw heavy on your graphics 
card and system memory. If your system was slow out of the box, chances are you can easily fix that 
by turning off excessive effects. 


Click on the Start button and then click Control Panel. 

Click on System and Security 

Click on System and then click on Advanced system settings from the left hand pane. 
On Advance tab, under Performance Click Settings 

The Performance Options window will open. 

Under Visual Effects select Adjust for best performance. 


ee 


Select the settings you want to use for the appearance and 
performance of Windows on this computer. 

3 Let Windows choose what's best for my computer 

| Adjust for best appearance 

© Adiust for best performance! 

) Custom: 

| Anmate controls and elements inside windows 


1 Animate windows when minimizing and maximizing 
Animations in the taskbar and Start Menu 
|_| Enable Aero Peek 
[F] Enable desktop composition 
Enable transparent glass 
[F] Fade or side menus into view 
| Fade or slide ToolTips into view 
F] Fade out menu items after dicking 
F] Save taskbar thumbnail previews 
F] Show shadows under mouse pointer 
|) Show shadows under windows 
[E] Show thumbnais instead of icons 
©) Show translucent selection rectangle 
|") Show window contents while dragging 
F] Side open combo boxes 
|_| Smooth edges of screen fonts 
F] Smooth-scroll ist boxes ~ 


Ce) Ce) Caso) 


Tips: If you would like to retain a nice interface, select Custom and check Use visual styles on 
windows and buttons. 


God Mode of Windows 7 


Windows 7 has changed Control Panel a little, but it's still too difficult to locate all the applets and 
options that you might need. God Mode, however, while not being particularly godlike, does offer an 
easier way to access everything you could want from a single folder. 


To create God Mode, 
1. Create a New folder and rename it to GodMode.{ED7BA470-8E54-465E-825C- 
99712043E01C} 


Everything [ED7BA470-GES4 465E B25 - 
99712043201 


2. The extension, {ED7BA470-8E54-465E-825C-99712043E01C}, must be entered exactly 


as itis here, though, including the curly brackets. When you press Enter the extension of the 
name will disappear 

3. Double-clicking the GodMode will display shortcuts to functions in the Action Centre, the 
Network and Sharing Centre, Power options, troubleshooting tools, user accounts and others 
- more than 260 options in total. You can rename the folder as you wish. 


Tips: 


To create Create a New Folder and 
Rename the folder as the 
below codes 


GodMode. {ED7BA470- 
8E54-465E-825C- 
99712043E01C} 

Recycle Bin Recycle Bin. {645FF040- 
5081-101 B-9F08- 
OOAA002F954E} 

My My Computer. {20D04FE0- 


Computer 3AEA-1069-A2D8- 
08002B30309D} 

Network Network Connections. 

Connections {7007ACC7-3202-11D1- 
AAD2-00805FC1270E} 

User User Accounts. {60632754- 

Accounts c523-4b62-b45c- 
4172da012619} 

Libraries Libraries. {03 1E4825- 
7B94-4dc3-B131- 
E946B44C8DDS5} 


Unlock Hidden Themes in Windows 7 


Go to Control Panel. 

If you are in Category view: Click on Appearance and Personalization> Folder Option 
If you are in Large icon/Small icon view: Click on Folder Options 

Click on View tab 


ae oe m 


[anarai] Ven [Seach] 
Folder views 

You can apply the view (such as Details or Icons) that 
you are using for this folder to all folders of this type 


Advanced settings 
F] Aways show icons, never thumbnails 
[V] Always show menus 
[F] Display file size information in folder tips 
I] Display the full path in the title bar (Classic theme only) 
d Hidden files and folders 
© Dont show hidden files, folders. or drives 
@ Show hidden files, folders. and drives 
J] Hide empty drives in the Computer folder 
I) Hide extensions for known fie types 
F] Hide protected operating system files (Recommended) 
F] Launch folder windows in a separate process 


Click on Show hidden files, folders and drives 

Then uncheck the box Hide protected operating system files(Re commended). 
It will show you a warning, Click Yes. 

Click OK. 

Go to C:\Windows\Globalization\MCT 


CoN NY 


file Edit View Tools Help 
Organize © Inchade in bbrary © Sharewith e =» 
4 Documents z Name G 
D mctu 


J mct-ca 
d MCT-GB 
 McT-us 
MCT 


This is the inside of MCT folder in My Computer. 


10. Inside MCT folder you will see folders with name MCT-AU/CA etc. These are the 
country codes in which these themes are automatically available. 

11. Inside each MCT-XX (where XX will be AU, CA etc) you will see a Theme 
folder. Open it and Double-click on the theme file to unlock it. 

12. Once you unlocked the theme will be available to you in personalization option. 
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Change the visuals and sounds on your computer 


Click a theme to change the desktop background, window color, sounds, 
and screen saver all at once. 


United Kingdom 


Create Keyboard Shortcuts for Programs 
You can create keyboard shortcuts for any program in Windows 7. 


1. Right-click on the program icon and then click Properties 
2. Select the Shortcut tab, click in Shortcut key and enter a key to set the keyboard shortcut 
for that program. 


3. Click OK 


Invisible a folder 


1. Create a New folder on the desktop. 


2. Select to rename it, delete the default New folder title. (do not Press Enter) 


3. Press and hold Alt then 0160 (press the numbers from Number pad which is locatedon the 
right hand side of the keyboard), release the Alt key and then press Enter. This names the 
folder as a Space. (Make sure Num Lock is ON) 

Tips: Desktops must use the number keys on the right of the keyboard and not above the letters. 
For it to work on your laptop you need to keep Holding down the Alt key you will also need to 
hold the Fn key and type the numbers "0160." These are over the letters m, j, 0, m. Let go of all 
of the keys and hit enter. Holding the Alt and typing those numbers will name the folder as a 
space, pretty much giving it no name. Make sure the Num Lock on the laptop is selected from on 
screen keyboard. 


4. Select and right click on the folder. Select Properties, then Customize tab, and then 
Change icon. 


Gener | hang | Secuty | Prevas Versone Customize 


Wht land of foide do you wart? 
Optenze tye tolder for 


ysterRoot%lsystemINeLI2d | gross. 


Select an icon tom the ist below: 


THROS D: | 
PaP sp: 
mA E Er 
mls oe! 


5. If you scroll through the provided icons, you will see a certain area that seems a few icons 
are simply missing. Select one of those empty spaces, or in other words, invisible folders. 

6. Click OK, then Apply, then OK. 

7. You now have an invisible folder on your desktop to place any files you want to make 
transparent. Please remember that this is not a secured file, just invisible to the eyes. 


Tips: Alternate code is Alt + 225 


Open any folder in Command Prompt instantly 


Press Shift when right-clicking on a folder to get that option in the context menu. This also works on 
the desktop. 


View Expanded ‘Send To’ Menu 


È Compressed tapped) folder 
BE Desktop (create shortcut) 


Qpen 
Oper in mew process 
L = Documents 
Add to VLC media player's Playûst 
Browse in Adobe Badge CSS 


Open command window here 


we Fax recipient 
A Mad recipient 


* DVO RW Drive (Ft) Smart Software 
Play with VLC media player 


A = COMenuProjects 
Share with > D Comtats 
E Shared Folder Synchronization > je Desktop 
Restore previous persons B® Downloads 
@ Scan wath AVG D Frona 
jclude en littery ° F Uks 
E] Add to wchive } My Documents 
@ Ads te “Hocking Tricks.rar D My Mosc 
3 Coenpress and email My Pictures 
I Comprens to "Hacking Tricks.rar” and email E My Videos 
Copy ps path ip Saved Gemes 
Send to * P Searches 
Og 
Copy 


Create shortcut 
Delete 
Rename 


Properties 


Press Shift when right-clicking on a folder to get an expanded Send To menu. 


Open Command Prompt with right click 


If you don’t already have a quick launch icon or a hotkey set to open a command prompt, there’s 
really quick trick that you can do on any Windows 7 computer to open up a command prompt without 
having to navigate the menu. 


Open Command prompt from Desktop 


1. Hold down the Shift key and right-click on the desktop. 
2. Choose Open Command Window Here from the menu. 


View > 
Sort By > 
Refresh 

Undo Copy Ctri+Z 
Open Command EN Here 


NVIDIA Control Panel 
New > 


E Personalize 


Open a folder with Command prompt 


1. Hold down the Shift key and right-click on any folder. 
2. Choose Open Command Window Here form the menu. 


Open 
Open in new process 

Add to VLC media player's Playlist 
Browse im Adobe Bridge CSS 
Open command window here 


Play with VLC media player 


OR inside any folder 


1. Open the folder that you want to open with Command Prompt. 
2. Right-click on inside the folder and choose Open Command Window Here form the 


menu. 
View > 
Sort By > 
Stack By > 


Refresh 


Customize This Folder... 


Undo Copy Ctrl+Z 
Open Command Window Here N 


New > 


Properties 


Reset Windows 7 password with Simple Command 


If you forget your password in windows 7, then don't be panic. By this simple process you can easily 
change your Windows 7 password without knowing current password. 


1. Click on Start>All Programs>Accessories 
2. Right click on Command Prompt and click on Run as administrator. 


J Accessories 
le) Calculator 
GB Command Pere 
22 Connect toa 
E Connecttoa SP Run as administrator 
T] Getting Starte Open file location 
Á Math Input P W Scan with AVG 
T) Notepad HB Add to archive... 


~ dears Add to “emd.rar” 
E Remote Desk 
73) Run $B Compress and email... 


g Snipping Tod 3 Compress to “cmd.rar” and email 
$, Sound Recor Pin to Taskbar 

= Sticky Notes Pin to Start Menu 

@ Sync Center 
Wa Windows Exp 
lial WordPad Send to 
d Ease of Acces 

Ae System Tools 

d Tablet PC 


Restore previous versions 


Back 


3. Inthe Command Prompt window type the below command and Press Enter 
4. net user Account Name Your New Password 


>=\Windows\s ystem32>_ 


Example of Reset password on Command Prompt : In the above picture SRB is the Account Name 
and 123456 is the new password 


5. At last a message will show "The command completed successfully". 
6. Lock your computer and type the new password to unlock it. 


Tips: Remember the new password, don’t forget it. 


Watch Star War Episode IV in Command Prompt 


You can watch an ASCII version of the full Star Wars Episode IV movie right in the Commanc 
Prompt window. Just follow the steps — 


1. Open Control Panel. 
2. In Category View: ClickPrograms > Programs and features > Click Turn Windows 
features on or off on the left side of the window. 
OR In Large/Small icons View: Click Programs and features > Click Turn Windows features 
on or off on the left side of the window. 


3. Then Windows Features window will open. 


Turn Windows features on or off o 


To turn a feature on, select its check box. To turn a feature off, clear its 
check box. A filled box means that only part of the feature is turned on. 


|e RIP Listener a 
|J Services for NFS 

|, Simple Network Management Protocol (SNMP) 

JJe Simple TCPIP services (i.e. echo, daytime etc) 


|b Subsystem for UNIX-based Applications 
Fil Tablet PC Components 
JI Teinet Client 
Fid Telnet Server 

Ji TFTP Client 
Fi Windows Gadget Platform 

|b Windows Process Activation Service 
FL Windows Search 


4. Put tick mark in Telnet Client and Telnet Server like the above image. Then click OK. 
5. OpenCommand Prompt. Type telnet towel.blinkenlights.nl and press Enter. The Star 
Wars movie will start immediately. 
| E8 Command Prom 


M tNUcers\SRB>telnet towel.blinkenlighħts.nl. 


Set your Shutdown Button / Power button 


If you restart your computer more often than you shut it down, change the default Shutdown power 
button to Restart. Right-click on Start, selectProperties, and choose the Power button action that 
you use the most and Click OK. 


Taskbar | StartMens Toolbars 


To custome how inks, icons, andmenusiockand [Customize] 
Customer. 


dehave n the Scart menu, dk 


Shutdown button changes to Restart button 


Use Check Boxes in Windows Explorer 


You can select non-adjacent files in Explorer using Ctrl-click, but there is an easier way using check 
boxes. 


Ele fee View Took Help 
Organze © Dl Preview Surcwth=s =» 
We Favortes ~ Pictures library 
EE Destop empie Picture 
Jg Downloads 
X, Recent Places 


we Ubranes 
* Documents 
a) Manic 


ee Pictures 
~ Videos 


“- 


4 tems selected Date taker: 11-Feb-08 11:32 AM - 24-Mar-08 441 
E Add ateg 


Selecting multiple items using check box 


1. Open MyComputer, click Tool, then select Folder options from the File menu. 
2. Click on the View tab, under Advanced Settings, scroll down to select Use check boxes 
to select items. 


f Folder Options =x Tar 


Genet View | Search 
Foider news 
You can apply the view (such as Details or icons) that 
you are using for the folder to al folders of ths type 


ee | 
Reset Folders 


Advanced settings 
Launch folder windows in è separate process 
Restore previous folder windows at logon 
J Show deve ieties 
J Snow encrypted or compressed NTFS files in color 
J. Stow popup Gesenpten for folder and desktop tens 
J. Snow preview handen n preview pane 
Y 
Ji Use Shanng Wizard (Recommended 
E When typing eto it view 
Aehomancally type nto the Search Box 
@ Select the typed tem in the view 


3. Click OK. 


Now you can easily select multiple items using only the mouse. 


Use Pen drive to fast your computer (Boost performance with ReadyBoost) 


Windows 7 has a feature called ReadyBoost which enables its users to use their pen drives as 
temporary RAM for their systems. This feature is helpful when because of any reason you need tc 
speed up your system for short time. Instructions to do this are given below: 


1. Insert a Pen Drive/USB drive in the USB port. 

2. Open My Computer. 

3. Right-click on the icon of the newly inserted USB drive and select Properties. 
4. Inthe Removable Disk Properties dialog-box go to ReadyBoost tab. 


General | Tools | Hardware Sharing ReacyBeost Customize 


e 


S = 


up your system by utilizing the avaiable spece on 
device. 


Do not use tvs device 


Dedicate ths device to ReadyBoost 


© Lise ts device. 


Space to reserve for system speed (may be less than 
actual free space due to file system limits) 


1089 > MB 
While the device is being used for system speed the 
reserved space wil not be avaiable for file storage 


Windows recommends reserving 1039 MB for optimal 
performance 


wren prvecy statement 


(Cox) [cance _) [__ toy 


5. If you want to dedicate the entire space of your pen drive for ReadyBoost you can select the 
radio button that says Dedicate this device to ReadyBoost Alternatively you can dedicate 
any specified amount of space from the pen drive for ReadyBoost. To do this you can select 
Use this device radio button and in the text box you can specify the amount of space from 
the pen drive that you want Windows 7 to use as RAM. 

6. Click OK buttons on all Windows to accept and confirm your selections and configurations. 


More Info: When ReadyBoost is enabled a file named ReadyBoost.sfcache is created. This file is 
compressed and encrypted so that even if anyone steals the pen drive, the thief cannot read data the 
pen drive contains. 


Recommendations: Don’t pull flash drive out of USB Port while it is being used as a ReadyBoos 
device. Don’t save any data files on the flash drive when it is being used as ReadyBoost device. 


Secure USB Drives with BitLocker 


Secure your USB flash drives using BitLocker encryption.Right-click on your USB drive in My 
Computer, select Turn on BitLocker and follow the instructions to protect sensitive data on your 
thumb drives. 


> «4 
3 DVD RW Drive (H:) 


Removable Disk (Œ) 
a 745 GB free of 7.46 GB 
z Open 
Open in new window 
pace used 
pace free: 7.45 GB Tum on BitLocker... 


The next time you use your USB drive on another computer, it will prompt you for the password 
before allowing you read-only access to your flash drive. You can even use the drive on older 


computers running Windows XP/Vista. 


Create a System Recovery Disc 


A system recovery disc helps you in situations where Windows cannot start successfully. Your 
Windows 7 installation disc also serves as a recovery disc. When Windows 7 comes pre-installed on 
computers, you will need to create a system recovery disc. 


liv Create a system repair disc coe) © 
Select a CD/DVD drive and insert a blank disc into the drive 


A system repair disc can be used to boot your computer. R also contains 
Windows system recovery tools that can help you recover Windows from a 
serious error of restore your Computer from a system image 


Drive: ol) OVD RW Drive Oty X 


Click Start, type recdisc.exe in the search boxand press Enter. Insert a blank CD/DVD in you 
CD/DVD drive, and click Create Disc. 


Rotate Upside-Down Desktop Screen 


You can rotate Desktop Screen by 90 or 180 or 360 angles. You can invert your window screen and 
can impress your friends; this is one of the scariest tricks which turn Windows upside down. Here are 
steps: 


Press To 

Ctrl + Alt + Down Rotate by 180 degree, 
arrow key invert screen. 

Ctrl + Alt + Left Rotate by 90 degree. 
arrow key 

Ctrl + Alt + Right Rotate by 270 degree 
arrow key 


Ctrl + Alt + Up Make it normal again. 


arrow key 


Tips: If the keyboard shortcut doesn’t work, then follow the below steps 


l. 


2; 
3: 


4. 


Go to Control Panel\Appearance and Personalization\Display\Screen ResolutionOR 
Right-click on the Desktop and click Screen Resolution. 

Click on the drop-down menu labeled Orientation and choose your desired screen rotation. 
Click Apply to preview the changes. If the changes are acceptable, click Keep changes 
from the confirmation pop-up window. 

Click OK to close the Display Settings window. 


Disable Error Reporting in Windows 7 


Error reporting is enabled by default in Windows 7. You might want to disable error reporting for 
privacy concerns, if you're not connected to the Internet all the time, or maybe just to stop being 
annoyed by the alerts. Error reporting works by prompting you after a critical error in the Windows 7 
operating system or in other programs and then notifying Microsoft about it. 


To disable error reporting in Windows 7: 


l. 
2. 


Click on the Start button and then Control Panel. 
Click on the System and Security 


Tips: If you're viewing the Large icons or Small icons view of Control Panel click on Action 
Center and skip to Step 4. 


3. 
4. 
5. 


Click on the Action Center. 

In the Action Center window, click the Change Action Center settings on the left. 

In the Related settings section at the bottom of the Change Action Center settings 
window, click on the Problem reporting settings. 

Choosing Never check for solutions will fully disable error reporting in Windows 7. 


f 


e je Pa Acti » Problem. ~\ +, p 


| Eile Ede Yew Jook Help 


When you send problem reports to Microsoft, you wil receve solutions 
when they are available. You c 


Automatically check for solutions (recommended 
Automatically check for solutions and pend additional report 
data, ¢ needed 


Each tme a problem occurs, atk me before checking for 


|_| 


k for solutions to problem reports 


an adjust how much information ts sent 


7. Click the OK. 
8. Click the OK button of the Change Action Center settings window 
9. Close the Action Center window and it’s done. 


Know the Exact time of Last Turn on the Computer 


Do you remember the exact date or time when you last turn on the computer? If you don’t know, then 
the following two processes will help you out. 


Process - 1 


1. Open Command Prompt. 
2. Type systeminfo | find /I “boot time” 
3. Press Enter. 


Bä Command Prompt Lo) =) ante 


Ç: Resa tome 4 eames i ANA “i “hoot tine 
System Boot —-Nov-12, 11:38: “ an 


4. This will show the time when you last rebooted the computer. Subtract that from the current 
date-time to know for how long you have been running the computer. 


Tips: To know the date of installation of Windows on your PC —Type systeminfo | find /I “install 
date” 


(EY Command Prompt lola 


C:Wsers\SRB»systeminfo | find 7i “install date” 
Original Insta l Date: 18-Jul-12. 9:83:28 AM 


Process — 2 


1. Open Task Manager by pressing Alt + Ctrl + Delete orright click on the taskbar and 
click Start Task Manager. 

2. Switch to the Performance tab and you should see a field that says Up Time as shown in 
the below figure. 


r s 
jE Windows Task Manager Lo Oe 

| Ede Options View Help | 
Apoùcatons | Processes | Services Performance Networking | Users 


CPU Usage CPU Usage History 


Memory Physical Memory Usage History 


Physical Memory (M8) System 

Total 1015 Handes 15499 

Cached 137 Threads 689 

Available 183 Processes $i 

Free 53 Up Time 0:0 1:08:48 
Commit (M5) 1025 / 2039 


yonpaged 2 “Resource Monitor... 


(Processes: 51 CPU Usage 1% Physical Memory: 81% 


Make a Private Folder — no-one can enter, copy, cut, delete Private Folder 


To make Private folder which nobody can open, delete, see properties, rename. To make such a 
folder you need to make a folder with any name. 


Follow the steps to make a Private Folder: 


1. Create a New Folder and rename as you wish. In this example I rename the folder to Secret. 


n 


Secret 


2. Press Windows logo key + R to open Run 


Type the name of a program, folder, document, or Internet 
resource, and Windows will open £ for you 


3. Type cmd and Press Enter to open cmd.exe 
4. Type cd desktop and press Enter 


=Wsers\SRB>cd desktop 


:=Wsers\SRB\Desktop>, 


m 


5. Then type cacls secret /E /P everyone:n and Press Enter to Lock the Secret folder. 


6. To unlock the Secret folder type cacls secret /E /P everyone:f and Press Enter. 


tMisers\SRB>cd desktop 


Demme pe p Parag, ryote 7 | secret /E /P everyonetn 
processed dir: C:\isers\SRB\Deaktop\Secret 


hee p y werbven ene ie secret /E /P everyone:f 
processed dir: C:\isers\SRB\Desktop Secret 


*Misera\SRBE\Desktop> 


How to Make Your PDF Files Speak To You 


Would you like to know if someone reads it for you & that too free of cost. I know you guys are eager 
to know that, so here it is. 


1. First of all install Adobe Reader, if you haven’t already. 

2. Go to View > Read out Loud > Activate Read Out Loud. 

3. After you have done, the go to View > Read out Loud > Read To End of Document 
4. Now it will read it to you out loud in the Default Microsoft Sam voice. 


Swap Mouse Right & Left Click 


1. Open Control Panel. 

2. Do one of the following: 
e For Category View: Click Hardware and Sound and then click on Mouse 
e For Large/Small View: Click on Mouse. 

3. Mouse Properties Dialog-box will appear. 


| Buttons Porters | Porter Opora Wheel | Hardware 


Button configuration 


J Gmach pemary and secondary butions 
Select this check bax to make the bution on the 
night the one you use for primary functions such 
as selecting and Gagging 


Double cick speed 

Double-click the folder to test your setting. F the 
folder does not open or close. try using à slower 
setting 


Speed: Slow cae 


Cick Lock 
Tun on CickLock 
Enables yout o beghight or drag without holding down the mouse 


buton. To set. beefly press the mouse bution. To release. click the 
mouse button agen 


(Cox) [cosi 


4. Check the Switch primary and secondary buttons option as shown in the above image. 
5. Left click on Apply and OK. 


Enable / Disable Automatic Updates in Windows 7 


1. Open Control Panel. 

2. Do one of the following: 
e For Category View: Click System and Security and then click on Windows Update 
e For Large/Small View: Click on Windows Update. 

3. On the Left side, click Change Setting. 


| File Edt View Toots Help 


Choose how Windows can install updates 


When your computer is online, Windows can automatically check for important 
updates and install them using these settings. When new updates are available, you 
can also install them before shutting down the computer 


How does automatic updating help me 


Important updates 


Install updates automatically (recommended) 

Download updates but let me choose whether to install them 

Check for updates but let me choose whether to download and install ther 

Never check for updates (not recommended) 

TONE TS TECON pUer Ie Fae Way TTET ENVE mporn 
updates 


Recomr 


Who can install updates 


J| Allow all ysers to install updates on this computer 


Note: Windows Update might update itself automatically first when checking for 
other updates. Read our privacy statement onkne, 


* Cancel. 


4. Choose one of the following: 

Install updates automatically (recommended) 

Download updates but let me choose whether to install them 

Check for updates but let me choose whether to download and install them 

Never check for updates (not recommended) 

5. In order to have the same behavior for Recommended updates also tick the Give me 
recommended updates the same way I receive important updates check box. 

6. You can also choose if you want to allow anyone to install updates by selecting the Allow 
all users to install updates on this computer check box. 

7. ClickOK to save the settings. If you are prompted for an administrator password or 
confirmation, type the password or provide confirmation. 


Note: Microsoft recommends that you must keep your windows up-to-date in order to remain secure. 
And I recommend the same, my computer is always up-to-date, this is one reason I never get attacked 
by any kind of virus. 


Change Your Computer Name in Windows 7 


If you’ve ever bought a new computer with the operating system already installed, you might be 
annoyed by the default name of the computer when you start trying to connect different computers 


together. I like to use more descriptive names than SR7827110I... for example; I called my new 
desktop ULTRACOMPUTER. 


1. Right-click on MY Computer and click on Properties. Then a window opens as shown in 
the below image. 


pie Edt Yiew Tools Help 
computer 
Control Panel Home 


© Device Manager 
® Remote settings 


® System protection 


2. Click on Advanced System Settings on the left menu. 
3. Now System Properties dialog-box opens as shown in the below image. 
[ System Propere i 
I | Conecter Nore | Hardware | Advanced | System Protection | Remote 
A Windy weve Gro fotonta viamente kinli er caier 


Computer desciption | 
For example “Machen Computer” or “Mary's 
Computer” 

Ful computer name SRBPC 

Workgroup WORKGROUP 


To use a wizard to jon a doman or workgroup. cick Network 
Network ID © 


To rename thes computer or change ts donan or [Qua 
workgroup. chck Change eo 


4. Click on Computer Name tab and click on Change button on the right-low side. 


You can change the name and the membership of ths 
computer. Changes might affect access to network resources 
More rformation 


Computer name 


Ful computer name 
UTRACOMPUTER 


Member of 
Domain 


o Workgroup 
WORKGROUP 


5. Enter a name in Computer name field. You could also change the name of the workgroup to 
something more descriptive as well. Click OK. You’ll have to reboot after you make this 
change. 


Steganography — Hide a text behind an image 


Org og 


Steganography is the art and science of hiding messages. Steganography is often combined with 
cryptography so that even if the message is discovered it cannot be read. The word steganography is 
derived from the Greek words "steganos" and "graphein", which mean "covered" and "writing." 
Steganography, therefore, is covered writing. Historical steganography involved techniques such as 
disappearing ink or microdots. Modern steganography involves hiding data in computer files. It is 
fairly easy to hide a secret message in a graphic file without obviously altering the visible 
appearance of that file. 


To hide a text behind an image: 


To hide a file behind a image file which means that if any one opens that image he will see the image 
only but if you open in a special way then you can open the hidden file behind the image. 


1. Open Command Prompt, by going to Start > All Programs > Accessories > Command 
Prompt 

2. Select an image to be used for hiding file behind the image. 

3. Now select a file to hide behind the image and make it in.RAR format with the help of the 
WinRAR. 

4. And most important is that paste both the files on desktop and run the following command on 
the command prompt. 


5. And then type the following command. 
cd desktop <press Enter> 
Copy /b imagename.jpg + filename.rar finalnameofimage.jpg 
6. Then press Enter the file will be created with the file final file name of the image. 


Warning: Using this method for the illegal Activities is against the Laws this tutorial is for 
educational Purpose only. 


Disable delete confirmation dialog box 


The delete confirmation dialog box appears every time you give the command of deleting a file. 
However, there are times you are deleting many unnecessary files in order to clean up your hard 
drive. This delete confirmation dialog box will really bother you at such times and you would want to 
get rid of it as it takes up a lot of your time while you are deleting numerous files. 


There is an easy way to disable delete confirmation dialog box in Windows 7. As you disable delete 
confirmation dialog box in Windows 7, you will be able to save a lot of your time. However, it is 
recommended that you do not disable delete confirmation dialog box in Windows 7 unless really 
necessary. You should turn it back on after you are done with your cleaning up of the computer. 


Follow these easy steps to disable delete confirmation dialog box in Windows 7: 


1. Right-click on the Recycle Bin icon on the desktop 
2. Select Properties. The Recycle Bin Properties dialog box will appear. 


Settings for selected location 
© Custom size: 
Maygmum size (MB): 7047 


Don't move files to the Recyde Bin. Remove files 
immedately when deleted 


Display delete confirmation dialog 


3. Uncheck the Display delete confirmation dialog box at the bottom. 
4. Click on the Apply and then the OK button. 


You have been successful to disable delete confirmation dialog box in Windows 7. The method to 
turn it on again is very simple too. Just follow the above steps and check the Display delete 


confirmation dialog box. 


Minimize quickly with shake 


Using Shake, you can quickly minimize all open windows on the desktop except the one you want to 
focus on. Just click the title bar of the window you want to keep open and drag (or shake) the window 
back and forth quickly, and the other open windows are minimized. 


To restore the minimized windows, shake the open window again. 


Shake a window to minimize all other windows 


Snap 


e You can use Snap to arrange and resize windows on the desktop with a simple mouse 
movement. 


e Using Snap, you can quickly align windows at the side of the desktop, expand ther 
vertically to the entire height of the screen, or maximize them to completely fill the desktop. 


Snap to sides of the desktop 


P © E "D 


Drag a window to the side of the desktop to expand it to half of the screen 


3 H * e » & a D =o? 

Note: By snapping the other side, the window maximizing in that manner. 

Snap to top of the desktop 

To use Snap, drag the title bar of an open window to either side of the desktop to align it there, or 


drag it to the top of the desktop to maximize the window. To expand a window vertically using Snap, 
drag the top edge of the window to the top of the desktop. 


Ro Us ar BEF Í 
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Drag a window to the top of the desktop to expand it to full of the screen 
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Aero Peek 


You can use Aero Peek features to quickly preview the desktop without minimizing all your 
windows, or preview an open window by pointing at its icon on the taskbar. 


Peek at the desktop 


The Show desktop button has been moved the opposite end of the taskbar from the Start button. 
making it easier to click or point at the button without accidentally opening the Start menu. 


In addition to clicking the Show desktop button to get to the desktop, you can temporarily view or 
peek at the desktop by just pointing your mouse at the Show desktop button. When you point at the 
Show desktop button at the end of the taskbar, any open windows fade from view, revealing the 
desktop. To make the windows reappear, move the mouse away from the Show desktop button. 


Just held the click 
on show desitop 


Quickly view your desktop using Peek 


This can be useful for quickly viewing desktop gadgets, or when you don’t want to minimize all open 
windows and then have to restore them. 


Peek at an open file on the desktop 


You can also use Aero Peek to take a quick look at other open windows without clicking away from 
the window you are currently working on. 


Peek at open window using thumbnails on the taskbar 


Point your mouse at a program icon on the taskbar that has open files. Thumbnail previews of any 
open files associated with that program appear above the taskbar. You can point at a thumbnail to 
preview that window’s contents, and all the other open windows on the desktop fade away to reveal 
just the window yovw’re previewing. To open the window you're previewing, click the thumbnail. 


Change how icons appear on the taskbar 


You can customize the taskbar, including the appearance of icons and how they group together when 
you have multiple items open. Here are your choices: 


e Always combine, hide labels 
This is the default setting. Each program appears as a single, unlabeled icon, even when 


multiple items for a program are open. 
— > Í we 


A single icon represents both a program and open items 


e Combine when taskbar is full 


This setting shows each item as an individual, labeled icon. When the taskbar becomes 
crowded, programs with multiple open items collapse into a single program icon. Clicking 
the icon displays a list of the items that are open. Both this setting and Never combine 
resemble the look and behavior of earlier versions of Windows. 
Individually labeled icons combine when the taskbar is full 
e Never combine 

This setting is similar to Combine when taskbar is full, except icons never collapse into a 
single icon, regardless of how many windows are open. As more programs and windows 
open, icons decrease in size and eventually scroll within the taskbar. 


Individually labeled icons always appear 
To change how programs and icons appear on the taskbar 


1. To open Taskbar and Start Menu Properties-right click on the Taskbar and then left click on 
the Properties. 


2. Under Taskbar appearance, select one of the options from the Taskbar buttons list: 
Always combine, hide labels 
Combine when taskbar is full 


Never combine 


3. To use small icons, select the Use small icons check box. To use large icons, clear the 
check box. 


4. Click OK. 


Pin any item to the Windows 7 taskbar 


n Tr = 


You can pin your favorite applications or files so that you could open them quickly from any window 
at any time. In Windows 7, you can pin shortcuts for favorite or frequently used files, folders, and 
websites to the Jump Lists for each of those programs to the taskbar. 


To pin a program shortcut to the taskbar, do one of the following: 


e Ifthe programis already running, right-click the program’s button on the taskbar (or drag the 
button toward the desktop) to open the program’s Jump List, and then click Pin this program 
to taskbar. 


d E Calculator 
+ Pin this program to taskbar 
E Close window 


e If the program isn’t running, click Start, find the program’s icon, right-click the icon, and 
then click Pin to Taskbar. 


Internet Vowniog 
cy Open 
J Paint ® Run as administrator 
ee 


Pin to Taskbar 
[Ps] Adobe Photosho 


Pin to Start Menu 
p~] Command Prom 
=| Calculator 
> 
uy Disk Defragmenter 


> — All Programs 


Remove from this list 


Properties 


Se Rarer A 


e You can also pin a program by dragging the program’s shortcut from the Desktop or Start 
menu to the taskbar. 


= 
Calculator 
Bj. Disk Defragmenter 


> All Programs 


i A 
H E Pin to Taskbar 


P Pin to Taskbar 


Example of dragging and pin: Pin a program from desktop (Left) : Pin a program from Start mem 
(Right) 


Pin Control Panel to the Taskbar 


EJ Control Panel 
2a Pin this program to taskbar p 
Close window 


You cannot pin the Control Panel to the taskbar via the Start Menu or by drag and drop. Open the 
Control Panel and right-click its taskbar icon to pin it to the taskbar. An advantage of this is that 
Control Panel’s Jump List allows quick access to recently used functions. 


Windows 7 Taskbar icons appears in the center of the taskbar 


Everything that comes out of the box by default lacks the ability to re-adjust. Windows 7 Taskbar is 
the single biggest feature of Windows 7 and yet, you can’t do much about it other than re-arrange the 
icon in order. Also, by default the icons will always be aligned to the left, what if you want to make 
them align to the center or even right? 


Center align icons on taskbar 


You need to create a New folder (that should be an empty folder), Name it as you wish. 
Right click on the taskbar, Uncheck Lock the taskbar to unlock the taskbar 

Go to Toolbars>Newtoolbar (by using right-click on taskbar) 

Select the folder that you’ ve just created. (Hint: New empty folder) 

Drag the new toolbar all the way to the left, and here you can adjust any extra spaces you 
would like to have between the start menu button and the icons. 

6. Right-click on the new toolbar and Uncheck Showtitle, and ShowText. 

7. Adjust the taskbar icons to center of the taskbar. 

8. Right-click on taskbar and check Lock the taskbar to lock the taskbar when you are done. 


ae 


Access Jump Lists with the Left Mouse Button 


Jump Lists usually show up when you right-click on a taskbar icon. However, they can also be 
accessed by holding the left mouse button and dragging upwards. If you’re using a laptop touchpad or 
a touch screen, this is convenient because you do not have to click any button to access a context 
menu. 
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Customize Number of Items in Jump Lists & Start Menu 


Right-click Start, select Properties, click Customize and choose the Number of recent programs 
to be display and the Number of items display in Jump Listsfrom the Start Menu Size section 
below. Click OK. 


Add Any Folder to Favorites 


=> 
CJM» > Computer » SRE's DOCUMENT (G) + 800 rs 


Lael « BOOKS | 
File Eda View Tools Help 7 


Elle Edit View Tools 


Oiganee v Inchude in library © Share with © Ni 
le Organize v Include in 
4 Favortte- 


ME Desit Collapse 


p Down Sort by name 


ST Favorites 
Z Desktop 
iý Downloads 


Recen Restore favorite links 

Open in new window > 

4 Sy Librarie: | Recent Places 
vt 

> Docu Add current location to Favorites | D SRB 


LET 


Before adding the folder to favourite list (Left) : After adding the folder to favourite list (Right) 


You can add any library or folder to the Favorites section in Windows Explorer. To add a folder, 
navigate to it in Explorer, right-click Favorites in the left navigation pane, and select Add current 
location to Favorites. You can remove the folder form the Favorites list by right-click the folder 
from the Favorite list and click Remove. 


Get Exact Colors on Your Screen 


If you are an artist or you work with colors, use the Calibrate Color option in the Control Panel 
Display applet or run decw.exe from the Start Menu search box. Then Display Color Calibration 
window appears. Follow the Steps and Choose right options as you wish and click Finish. 


Tips: You can adjust gamma, brightness, contrast, and color balance, ensuring that colors are 
displayed correctly on your screen. 


Adjust Screen Text with Clear Type 


Use Clear Type Tuner for the best look on your LCD monitor or laptop screen. Runcttune.exe from 


the Start Menu search box. Choose your options and Finish. 


G 14 ClearType Tot Tuner 


The Quick Brown Fox Jumps 
Over the Lazy Dog. Lorem 
psum dolor sit amet 
consectetuer adipiscing efit. 
Mauris ornare odio vel risus 
Maecenas elit metus. 


pellentesque quis, pretium 


The Quick Brown Fox Jumps 
Over the Lazy Dog. Lorem 
ipsum dolor sit amet, 
consectetuer adipiscing efit. 
Mauris ornare odio vel risus. 
Maecenas elit metus, 
pellentesque quis, pretium. 


Click the text sample that looks best to you (4 of 4) 


The Quick Brown Fox Jumps 
Over the Lary Dog. Lorem 
ipsum dolor sit amet, 
consectetuer adipiscing elit 
Mauris ornare odio vei risus 
Maecenas elt metus, 
pellentesque quis, pretium 


The Quick Brown Fox Jumps 
Over the Lary Dog. Lorem 
ipsum dolor sit arnet, 
consectetuer adipiscing elit. 


Mauris ornare odio vel risus 
Maecenas ehit metus, 
pellentesque quis, pretium. 


Shortcut to Run Program as Administrator 


You can Ctrl + Shift + Click on a taskbar icon to run the application as an Administrator with full 
rights (provided your account has permissions). Simply Shift + Right-click on any program shortcut 
to run it as a different user, if for example you need higher privileges when logged in with your 
child’s account. 


Run commands List 


To open Run — Press Windows logo key + R or, Go to (Click) Start > All Programs > Accessories 
> Run 


To open Type & press Enter 
Accessibility Options access.cpl 

Add Hardware (Device hdwwiz.cpl 
manager) 

Add / Remove Programs appwiz.cpl 
Administrative Tools control admintools 
Automatic Updates wuaucpl.cpl 
Calculator calc 

Character Charmap 
Checking disk chkdsk 

Manager of the album clipbrd 
(clipboard) 

Command Prompt cmd 

Service components (DCOM) — dcomenfg 


Computer Management 


Date and Time Properties 


Device Manager 
Disk Cleanup 
Disk Defragmenter 


compmgmt.msc 
timedate.cpl 
devmgmt.msc 
cleanmer 
dfrg.msc 


Disk Management 
Partition manager 
Display Properties 
Event Viewer 

Folder Options 

Fonts 

Fonts folder windows 


Free Cell (card game) 


Hearts (card game) 


Express (file generator. Cab) 


Internet Properties 
IP Config 
configuration) 


IP Config (displays the contents 


of the DNS cache) 


IPConfig (erases the contents 


of the DNS cache) 


IPConfig (IP configuration 


cancels maps) 


IP Config (renew 


configuration maps) 
Keyboard Properties 


Local Security Settings 


Logout 
Microsoft Chat 
Minesweeper (game) 


Properties of the mouse 


Network Connections 


Network configuration wizard 


Notepad 
Screen Keyboard 
Monitor performance 


Monitor performance (2) 


Power Options 
Printers and Faxes 
Regional and 
Options 

Registry Editor 


Remote desktop connection 


Scheduled Tasks 
Security Center 


Console management services 


Turn off windows 


Sounds and Audio Devices 


Spider (card game) 


System Configuration Editor 
System Configuration Utility 


System Properties 
System Information 
Task Manager 
Telnet client 

User Accounts 


diskmgmt.msc 
diskpart 
control desktop 
Eventvwr.msc 
control folders 
control fonts 
fonts 

freecell 
mshearts 
IExpress 
inetcpl.cpl 
ipconfig / all 


ipconfig / displaydns 
ipconfig / flushdns 
ipconfig / release 
ipconfig / renew 


control keyboard 
secpol.msc 
logoff 

winchat 

winmine 

control mouse 
control NetConnect 
netsetup.cpl 
notepad 

OSK 
perfmon.msc 
Perfmon 
powercfg.cpl 
control printers 
intl.cpl 


regedit 
Mstsc 
control schedtasks 
wscui.cpl 
services.msc 
shutdown 
mmsys.cpl 
Spider 
sysedit 
msconfig 
sysdm.cpl 
Dxdiag 
taskmer 
telnet 
nusrmer.cpl 


Utility Manager (Magnifier, Utilman 


ee Magnifier magnify 
Protection of the accounts syskey 
database 

Windows update wupdmer 
Wordpad write 


Simple Steps to Protecting Your Computer 


Hackers have thousands of tools at their disposal to take advantage of you including tools such as 
keystroke loggers. Keystroke loggers record every single keystroke you type on your computer; this 
includes your private email messages, your bank account password, and your credit card number. 
This article focuses on Microsoft Windows users since the majority of computer users today use a 
version of this operating system on their home and/or office computers. 


Use Strong passwords. 

Update your computer to latest Operating System (e.g. Windows 7 or 8) 

Update Microsoft Windows regularly. 

Turn on Windows firewall. 

Use antivirus software or internet security to protect your computer from virus. (e.g. AVG 

anti-virus/internet security, Norton Antivirus, McAfee VirusScan, Kaspersky, etc.) 

6. Block Spyware - Spyware and viruses often go hand-in-hand but can take many forms. Some 
'hijack' your web browser and redirects you to their website. Others quietly download and 
install Trojans, key logger programs, etc. to your computer so hackers can take control of 
your computer later. Install and run an anti-spyware program such as: Spy Sweeper, Ad- 
aware SE Personal 

7. Keep your software up-to-date. (e.g. Microsoft Office, Adobe Rader, Adobe Flash Player 
Mozilla Firefox, Anti-virus, etc.,) 

8. Backup your important data often. 
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CHAPTER 12 
INTERNET HACKING TRICKS 


Internet Hacking 


Internet hacking means accessing a secure computer system by disabling or bypassing the 
security. Some hackers will steal data or destroy data, or use the system to hide their tracks as 
they hack into a different system and some just do it for fun. Like most cases of extortion, the 
criminal's identity is especially difficult to trace and is magnified because of the nature of the 
internet. When the Internet was gaining immense popularity, businesses were scrambling to secure 


domain names and using the technology to expand their market. Seeing e-commerce as an 
untapped goldmine, many were eagerly diving headfirst into a slew of problems, including security 
breaches. Viruses, shutdowns, crashes and email hacking will be the burden of the user, a 
company's money lost to theft will be the burden of its customers and a government's money spent 
on security will be the burden of its citizens. 


Block and unblock any website 

First you have to show all hidden files, folders, and drives on your computer. 
e Go to My Computer > Tools > View 
e Click on the Show hidden files, folders, and drives button. 


e Then Click OK. 
Then do the followings: 
1. Click Start > All Programs > Accessories > Right Click on Notepad and click on Run as 
administrator 
2. Then in Untitled - Notepad window click File > Open (in Menu bar). Open dialog-box 
will appear. 
3. Navigate to - C:\Windows\System32\drivers\etc 


4. Then select All Files next to the File name field. (By selecting All Files option all files are 
shown as shown in the below figure.) 
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5. Click host and click Open. Then the notepad is seems to be like in below picture. 


6. Now add a new entry in the bottom, let you want to block www.facebook.com.then add the 
line 127.0.0.1 www.facebook.com 


7. This line means that when you try to open the www.facebook.com,then it is redirected to IP 
Address 127.0.0.1, which is a back IP of the windows. 


8. Save the file (by pressing Ctrl + S) and restart the computer. Then www.facebook.com is 
block for all browsers. 


9. To unblock it, remove the entry, which you have made and Save the file. Then restart the 
computer. 


Tips: This method works for all browsers. 


Note: You can bypass registration of software by blocking their website and update requests using 
this trick. 


How to Increase Internet Speed 


Many of internet users are not happy with their slow internet connections speed. So this is the trick to 
increase your internet speed by yourself easily. To do this, 


1. Click on the Start button, type gpedit.msc on the search bar and then press Enter button. 
Then a Local Group Policy Editor window will appear. 


2. I nGroup Policy window click on Computer configuration menu. Then click on 
Administrative Templates. 


3. Click on Network. Under the Network menu click on QoS Packet Scheduler. 


4. Under the QoS Packet Scheduler menu double click on Limit reservable Bandwidth 
option. 

5. Then inLimit reservable Bandwidth window you will find that the settings and are 
disabled. But by default Limit reservable Bandwidth is eating your internet speed by 20%. 
In this you have to do a simple thing. Click onEnabled button in Limit reservable 
Bandwidth menu; reduce the Bandwidth by 0%. 


6. Click on Apply button and then OK. 
7. Restart your computer. Congratulation you are done now. 
Now connect the internet & see the difference in internet connection or your browsing speed. 


Search Internet from the Start Menu 


Enable Internet search from the Start Menu using your default browser. Rungpedit.msc from the Start 
Menu search box to start the Local Group Policy Editor. In the left pane, go to User Configuration > 
Administrative Templates > Start Menu and Taskbar. Then Select Add Search Internet link to 
Start Menu from the right pane, right-click to Edit and Enable to add search internet link to Start 
menu. Click OK. 
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Know any website IP address in Command Prompt 


1. Press Windows logo key + R to open Run 
2. Type cmd and press Enter. 


3. Type ping www.websitename.com and press Enter in Command Prompt window. Then 
the result shows the IP address of the website. 


Example: type ping www.google.com 


tMisers\SRB>ping vuv. google.con 


geep 
ply f «125.2%. ATH 
D teen H: 125.236 .88: bytes -32 
from 74.125.276.00: bytes-32 tine-Fins TIh-S2 
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View Passwords hidden in asterisks 


We always want the browsers to remember the username and password of our online accounts. After 
a period of time, we tend to forget what the password was. Itis easy to find those passwords, if we 
are able to see what is behind the black dots (........ ) or asterisks (*******) To know the password 
behind the dots then follow the steps: 


1. Right click on the password textbox and from the options click on Inspect Element(Q). 


2. Then, a small window would come up witha few lines of code. You need not worry about 
the codes. The line in which the password will be highlighted. If the codes are not showing 
in a html format below then click on fi button on the lower left corner of that page. 


3. Now double click on the term password and change it to text and press enter. Now you see 
what’s behind the dots. 


How to speedup online videos and performance of Firefox 


By default Firefox automatically saves your session every 10 seconds so that it can be easily restored 
even of a crash. But if you think 10 seconds is either too much or is not enough, then you can change it 
to whatever you think is right for you, with just a little tweak to the about:config settings. To do this, 


1. Open Mozilla Firefox browser and in the address bar type about:config and press Enter. 
2. Then you will get a warning message, click on I'll be careful, I promise. 
3. Then in the filter text entry bar (on top left), type browser.sessionstore.interval 


4. Just double click on it and change its value to 120000. If you want to input your own value, 
then you should know that the value is actually in milliseconds. So, if you want to change the 
interval to 1 minute, then you would enter 60000. 

5. Click OK and restart the Firefox. 


Sign-out of all Gmail sessions 


If you have forgotten to sign-out from your Gmail account anywhere, you can now sign-out from all 
Gmail sessions. To do this, 


1. Open your Gmail account and click on the Details link in the bottom right of your screen. 

2. This will open up a pop up window where you can see recent activity, whether your Gmail 
account is open in any other location, and choose to Sign out of all other sessions. 

3. Clicking that button will ensure all your previous Gmail sessions are logged out, leaving 
you logged in to the current computer only. 


Sign-in to multiple Google accounts in the same browser 


If you use multiple Google accounts say one for Gmail another for ad-sense and yet another for 
Reader, you would know that you can sign into only one account at a time in a browser. Of course you 
could use separate browsers for each of the account, but it is hassle to do so. It is a great alternative 
that Google has an advanced feature that lets you sign into multiple Google Accounts simultaneously 
in the same browser. 


In this case I will show you how to sing in multiple Gmail accounts. 
1. Signin to your Gmail Account. 
2. Then at the top-left corner Click on your profile photo and click Add Account. 
3. Then another tab opens in your web-browser. Enter another Username and Password. 
Click Sign in. 
Now, you are able to view your both Gmail Accounts in one web-browser. 


Log in to multiple web accounts simultaneously - (Google, Gmail, Facebook, Twitter, etc.) 


Many of us have multiple accounts with one web site. Whether it be several Gmail accounts or twc 
separate twitter accounts or any such multiple accounts. But it is always a hassle to have to log out of 
each account to access another. Follow the steps to log in to multiple web accounts simultaneously. 


In Internet Explorer 8 and higher version 


Open Internet Explorer, Click onFile and then New Session This opens up a new browser window 
that will allow you to log into different accounts across the sessions. 


Save any web article to PDF for free 

Internet is a very huge library of information. It has millions and millions of pages of information 
about virtually anything. Reading each and every article may not be possible due to many reasons 
mainly due to time limitation. 


The website http://pdfmyurl.com/ helps you to save the web-article to PDF format and you can read 
it at anytime you want. 


PDF MY URL - http://pdfmyurl.com/ 


1. Type http://pdfmyurl.com/ on your browser’s address bar. 


PDFMYURL.COM 


2. Enter the URL (that you want to convert into pdf format). In this case I have typed the wet 
address http://en.wikipedia.org/wiki/Windows_8 

3. Click ® button next to the Enter url Location field. 

4. In a few seconds, this website allows you to download a PDF version of the requested 
webpage. 

5. Then you can download the PDF file and read even through the requested URL may be 
blocked. 
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Similarly, there is another website http://joliprint.com/ helps you to save and share the pdf format of 
web-article. This site gives you various options for saving the file. You can directly download it, 
have it send to your Email address or even can be shared using Facebook and Twitter. In this way 
you can access the blocked website on the internet. 


JOLIPRINT - http://joliprint.com/ 
1. Type http://www. joliprint.com on your browser’s address bar. 
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2. Enter the URL (that you want to convert into pdf format). 

3. Click joliprint it ! button next to the Enter URL Location field. 

4. In a few seconds, this website allows you to download a PDF version of the requestec 
webpage. You can save the PDF file to Google Docs, Gmailand share with Facebook and 
Twitter. 
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Free online Resume builder 

A resume (also called CV: Curriculum Vitae) is a document used by persons to present their 
backgrounds and skills. Resumes are the best reflections of your career. It can be used for a variety 
of reasons, but most often they are used to secure new employment. Majority of the recruiters agree 
that they go through each resume only for a few seconds and that the first impression they get is from 
them. Hence, the resume will have to make the first big punch for you. Having said all these, the 
below List of Resume builder websites makes superb resumes for you. 


List of Resume builder 
websites 
www.resumebuilder.org 
www.cvmkr.com 
Wwww.resumesimo.com 
www.instantonlinecv.co.in 


Wwww.resumonk.com 
Www.resumesimo.com 
www.gotresumebuilder.com 
www.freeresumebuilder.biz 
www.onlinecvgenerator.com 
www.mycvbuilder.com 


Unlock PDF and EXCEL files Online 


If a PDF files have some restrictions (like Copy from the PDF file won’t work, etc.) and password 
Then the website http://www.pdfunlock.com/ helps you to remove passwords and restrictions from 
secured PDF files. 


1. Go to http://www.pdfunlock.com/ 


PDFUn 


lock! 


Remove passwords 
and restnctions from 
secured PDF files! 


2. Browse the PDF file that you want to unlock. Then click Unlock!. 
3. Within few seconds, you will able to download the unlocked PDF file. 


Website 
www.pdfunlock.com 


www.unlock-pdf.com 


Wwww.unprotect- 
excel.com 


Free online file converter 
This is a nice online converter file which can be used for almost all type of files at anytime from 
anywhere. To do this, 


1. Go to www.online-convert.com and select the tool you want to use. 


2. Suppose you wish to convert an image to PNG format. Select the conversion and click on 
Go. 

3. Now browse the file or enter the web URL of the image. Select the quality settings and then 
click on Convert. 

4. After the conversion, you will find the download link of the converted file. Download the 
file. 


Online Edit Photos 


Upload your picture or photo or enter the URL of an image on the Internet. After uploading, you can 
resize, sharpen and/or rotate your photo. Several filters and effects are available to enhance your 
photo: Red Eye Removal, Sepia, Enhance, Sharpen and Polaroid Effect. 


Some popular websites are : 


http://www.freeonlinephotoeditor.com/ 
http://www.fotor.com/ 
http://pixlr.com/editor/ 
http://web.photocat.com/edit/ 
http://www.befunky.com/ 
http://www.pizap.com/pizap 
http://www.picmonkey.com/ 
https://www.picmonkey.com/editor 


Scan your files for malwares online for free 
This is a site where in you can upload your suspected files and get them scanned for free .An email 
from anyone can also have a virus or a malware which might have got attached to the mail without his 
or her knowledge. Antivirus software has become an indispensable element of your computer. It is 
very good for them who hate anti-viruses. Jotti's Malware scan is a free online service where 20 
prominent antivirus software scan the files uploaded by you and inform whether they are clean or 
not. The file you suspect to be infected can be uploaded and the result is almost immediate. To do 
this, 

1. Type the http://virusscan.jotti.org/en on your browser’s address bar. 

2. Then select the file required to be scanned. 


Online trace any mobile number anywhere 
You can find out all information we have on any phone number in the world. Simply enter the phone 
number in international format for correct results. 


Phonetrace.Org 


http://www.phonetrace.org/ 


How does it work? 
Using both GPS satellite techniques and triangulation based on phone towers. 
Who makes use of this technology? 


Cell phones are giving employers new ways to check up on employees in the field and raising fresh 
workplace privacy concerns as a result. Law enforcement agencies have found this technology to be 
the biggest breakthrough since DNA testing. Also PhoneTrace has been in huge demand by people 
check up on an untrustworthy spouse! 


Trace ... Mobile Number - Location Tracking with details 


http://www.findandtrace.com/trace-mobile-number-location 
Phone No Tracker | Online GPS Mobile Locator Using Cell Phone Number 


http://gpsphonetracker.org/ 


GPS Phone Tracker is the first free website for finding any phone signals only with number. Now 
you can start tracking your friends, kids or spouse. Phone tracker app can locate your lost or 
stolen cell phone in less than 20 seconds! Try out gps phone tracker free online to get experience 
about how to track someones phone without them knowing. Just put a phone number which you 
want to lookup, then get your locations for Android, iPhone or Windows mobile devices. 


Search pictures of people in 3D layout 

The website www.facesaerch.com is a free website which helps you search faces of people. This 
website has a very simple layout and all you need to do is to enter the person's name in the search box 
and click on search. The interface gives a 3D layout of pictures with matching names. 


Disable websites from resizing your Firefox browser window 

Firefox is a very popular browser. Be it in the speed which it displays a webpage, it downloads a 
file or the number of plug-in available for further making the browser user-friendly, Mozilla Firefox 
stands ahead of other browsers. It is really disturbing to see certain websites resizes the browser 
window. This is how to disable them doing so in Firefox. 


1. Click on Tools menu and select Options. 
2. Click on the Content tab. 
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3. Opposite to the check box name Enable JavaScript, you can find a button named 
Advanced. Click on it. 


F 
Advanced JavaScript Settings -—— 


Allow scnpts to: 
Move or resize popup windows 
Raise or lower windows 


J. Disable or replace context menus 


| OK Cancel Help 


4. Uncheck the option Move or resize existing windows. 
5. Click OK twice. 


How to run Firefox inside Firefox inside Firefox 
Open Mozilla Firefox and in the address bar type the following URL and press Enter. 


chrome://browser/content/browser.xul 


You could again enter the above URL in the second Firefox that appears to open a third one. You 
could repeat this as many times as your screen size permits. 


YouTube SECRETS 


YouTube, the extremely popular video sharing website averaging more than 3 billion page views per 
day needs no introduction to its fans who spend a considerable amount of their time watching and 
sharing videos on it. While most of these users know every nook and corner of this website, there are 
some features that are hidden deep within, in a manner that only few of the most experienced users 
seem to know about them. This article contains some such features, tips and tricks. 


YouTube MySpeed 

Are YouTube videos taking too much time to load on your internet connection? Visit the YouTube 
MySpeed page to find your video streaming speed and compare it with the average speed of your ISP, 
your city, your state, your country and the world. 


YouTube Disco 

YouTube is all set to replace your music players with YouTube Disco. This music discovery project 
allows you to find the videos of your choice, create a list of them and then easily watch them without 
having the need to choose a new video after the one you are watching is finished. 


YouTube Editor 

Do you edit your videos before uploading them to YouTube? Now, you don't need to because it lets 
you to do all of that online with YouTube Editor; well not all of that but it at least lets you combine, 
trim and rotate videos. The best part about YouTube Editor is that it allows you to find copyright free 
music that you can add to your videos. It also offers some comparably advanced features like 
stabilizing shaky videos and inserting transitions. 


YouTube TV 

YouTube lets you watch the videos of your choice but have you ever wanted to just sit back and enjoy 
watching videos just like you watch television? If you have, then YouTube TV can be of help. 
YouTube TV plays high quality full screen videos tailored to your choices (if you are signed in to 
your Google account). If you are not signed in, you can choose a category to watch videos from, 
watch featured videos and even search for the video of your choice. 


Set default video playback quality 

Are you annoyed at manually changing the quality of every YouTube video you watch? Now you don't 
need to, because YouTube has an option that automatically lets you select the quality of videos you 
see. If you have a slow connection, you can select the option of never playing high quality videos. 
You can also select the option of showing captions and annotations automatically. 


Watch Videos blocked in your country with a URL trick 

If the URL of the video that is blocked in your country is youtube.com/watch?v={video-id}, you can 
access it by going to youtube.com/Vv/ {video-id}. As an additional advantage, you will be able to view 
the video at the full size of your browser window. 


Link to a specific time in a video 
If you want to link to a video at a specific time, you can add #t=XXs to the URL where XX is a 
variable which represents the number of seconds after which the video will start. 


Play videos in slow motion 
Press the space bar while a video is being played to play it in slow motion. 


YouTube Live 

Ever wanted to broadcast your videos live on the internet? YouTube Live lets you do just that. 
YouTube Live supports larger production than Hangouts on Air. However, to broadcast videos live, 
your channel must be in good standing. 


Create a feed of almost anything on YouTube 

Just go to the YouTube Data API page and build a custom feed for yourself. However, there is a 
problem with the URI generated for specific categories as "{http://gdata.youtube.com/ schemas/ 
2007/ categories.cat}" is also added to it. Remove this and the URI is good to go. 


Find out what is popular on YouTube 

Want to find the best videos on YouTube? Use Popular on Youtube channel to find what other users 
are watching, discussing and favoring. You can select a particular category to determine the best 
videos in that particular category. You also have the option to play all the videos that are popular 
right now. 


Legally Watch Full Length Movies and TV Shows on YouTube 

YouTube has a dedicated page to allow users to watch full-length ad supported movies for free. 
Movies are classified based on their genre and are offered in full HD quality. Movies are uploaded 
by the creators for the purpose of creating another source of revenue for themselves as Google gives 
them a portion of the advertising revenue. A similar page exists for TV shows. These two pages are 
country specific and may or may not be available in your country. 


YouTube Easter eggs 

For Star Wars and Star Trek fans 

If you are a Star Wars fan, then there is some good news for you. YouTube has an easter egg just for 
you guys. Search YouTube for "use the force, Luke" to warp your screen. Star Trek fans need not be 
disappointed as there is an easter egg for them as well. Searching YouTube for "Beam me up, Scotty" 
reveals it. 


YouTube Snakes Easter egg 

You can play the classic Snakes game while watching any video in your browser. Just pause a video, 
hold the left arrow key for 2 seconds and while still holding it, press the Up arrow key. This only 
works in the new YouTube player on videos played on YouTube.com. 


do the Harlem shake 
Search YouTube for "do the Harlem shake" and the entire page will shake violently with the song 
"Harlem Shake" by Baauer being played in the background. 


Add Firefox’s Spelling-Check feature to forms 


Mozilla Firefox comes with a cool built-in spelling checker. You could right-click the word to see 
spelling suggestions along with the usual context-menu options. 


1. Open Mozilla Firefox, type about:config in the address bar and press Enter. 
2. Click PI be careful, I promise!. 


3. Inthe Filter field, type spellcheck. Right-click on layout.spellcheckDefault, and click on 
Modify. 
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4. Change the value from 1 to 2 and restart Firefox. The spelling checker should now work in 
most online forms. 


Check username availability on multiple sites at once 


Most people use a specific username or alias across a lot of sites, as it is easier to remember and 
also, your friends could identify you easily in various sites with your username. But it could be very 
frustrating, when you try to sign up on a new site only to find that your username is already taken. 
Checking for availability of your chosen username in several sites of interest could be a daunting task. 
Fortunately, there is an easier way. 


Wwww.usernamecheck.com is a site, in which you can use to check the username availability on 
multiple sites at once. You can type in your desired name usernamecheck.com will scan over 20 
social networks and services and tells you within seconds whether the username is available or taken. 
If itis available, it provides Thumbs Up sign to the site, where you can sign up before someone else 
takes your name. 


You don't need the “http://” portion of a web page on Address bar/Location bar 
When typing an Internet address you do not need to type http:// or even www. in the address. 


For example, if you want to visit Google you could just type google.com and press Enter. 
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Type google.com and press Enter (Left) : Type google and press Ctrl + Enter (Right) 


To make things even quicker, if you're visiting a .com address you can type google and then press 
Ctrl + Enter to type out the full http://www.google.com address. 


Take advantage of tabbed browsing 


Take full advantage of tabbed browsing in all Internet browsers. While reading any web page if you 
come across a link you may be interested in open that link in a new tab so it can be viewed later. A 
new tab can be opened by holding down the Ctrl key and clicking the link or if you have a mouse 
with a wheel click the link with the middle mouse button. 


Quickly move between the fields of a web page 
If you're filling out an online form, e-mail, or other text field you can quickly move between each of 


the fields by pressing the Tab key or Shift + Tab to move back a field. 
e To move Forward, press Tab key. 
e To move Backward, press Shift + Tab key. 


For example, if you're filling out your name and the next field is your e-mail address you can press the 
Tab key to switch to the e-mail field. 


Tips 
e This tip also applies to the buttons, if you press tab and the web developer has designed 


correctly the button should be selected and will allow you to press the Space bar or Enter 
to push the button. 


e If you have a drop-down box that lists every country or every state you can click that box 
and then press the letter of the state or country you're looking for. For example, is a 
drop-down box of States in the India you could press u on the keyboard to quickly scroll 
to I types. 


Google “I’m Feeling Lucky” button Magic Tricks 


Google 


Go to Google Home Page (www.google.com) and type the following codes and click I’m Feeling 
Lucky button right next to the Google Search button. You must Turn off Instant search (from 
Search settings option). 


Type the following codes and click I’m Feeling Lucky button 
right next to the Google Search button. 

google sphere google gravity google mirror google pacman 
weenie google lol limewire epic google annoying google 
rainbow google let it snow tilt google loco 
google heart epic box who’s awesome who is the 
page cutest 
google magic sexy snape Google Pirate Google Hacker 


GoHarsh Google God Google Gothic Google Piglatin 


"Googlo" Google Pond Translate for Funny Google 
Animals 


Google Blackle Google Google Guitar do a barrel roll 
Variations 

Google Google “color How Huge Is am I awesome 

“country name” Google? 

name” (Infographic) 


Tips: 
e Type Google “country name” and click on I’m Feeling Lucky. For example type google 


china and click on I’m Feeling Lucky. 
e Type Google “color name” and click on I’m Feeling Lucky For example type google 
blue and click on I’m Feeling Lucky. 


Example of Google mirror 


If you click Google Search button after type the code, then you have to click on the first web-search 
option. 


a Lo 

E googie meter - Google Search | + | 

| & âm qoogieco.e 4- cP & G- p 
EN 
| Google google mirror 


| 
{ 
| raas 
| 
( 
| 


. Header 


. Search results 


Gor 
1 
2. Search bar 
3 
4. Tools & filters 
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Google Calculator 


Google search can be used as a calculator. It can calculate anything from the simplest math to the most 
complex equation. Enter any math equation into the search box and we'll calculate your answer. 


Example: Type 100 * 3.14 - sin(65) and Click Google Search or Press Enter. 


313.173171321 


Search with an exact phrase in Google 


Put quotation marks around words "any word" to search for an exact phrase in an exact order. Keep in 
mind that searching with quotes might exclude relevant results. For instance, a search for "Alexander 
Bell" will miss pages that refer to Alexander G. Bell. 


Example: Type “to be or not to be” and Click Google Search or Press Enter. 


Google 


Search for specific file types in Google 


There are various kinds of files available over the net. Searching for a specific file type isn’t really 
easy. But using this tip you can easily search for a specific file type. Search for specific types of files, 
such as PDFs, PPTs, or XLS, by adding filetype: and the 3-letter file abbreviation. 


Example: Type filetype:pdf Computer or Computer filetype:pdf and Click Google Searchor 
Press Enter. 
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Google Measurement Converter 


Convert any measurement -- like miles to kilometers or ounces to liters -- by typing in the number and 
unit of measurement. 


Example: Example: Type 5km to cm and Click Google Search or Press Enter. 


Currency conversions in Google 
Get current exchange rates by searching [currency 1] in [currency 2]. 


Example: Type 1$ in INR and Click Google Search or Press Enter. 


1$iniNR 


1 US dollar = 56.1600 indian rupees 
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Exact time of any place in Google 


To see what time it is anywhere in the world, search time and the city or country. If you want to see 
the local time, then just type time and Press Enter. If you want to know the time in a specific city or 
country, then type time city/country name and Press Enter. 


Example: Type time london and Click Google Search or Press Enter. 


time london 


3:54 Saturday (GMT) - Time in London, UK 


Check the weather of anywhere in Google 


If you want to see the local weather, then just type weather and Press Enter. If you want to know the 
weather of a specific city or country, then type weather city/country name and Press Enter. 


Get Sunset and Sunrise time of anywhere in Google 


To Get Type and Press Enter 
Local Sunrise time sunrise 
Local Sunset time sunset 


City/Country Sunrise sunrise city/country 
time name 


City/Country Sunset sunset city/country 
time name 


Get definitions of everything in Google 


If you want to know the definition of anything, and then type define any word & Press Enter to get its 
definition. 


Example: Type define computer and Click Google Search or Press Enter. 


define computer 
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Trace My IP Address 


If you want to know the exact IP address of your computer, then type my ip & Press Enter. 
Example: Type my ip and Click Google Search or Press Enter. 
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Search by advanced image search in Google 


1. Go to Google Image. 
2. Enter the search item in the search bar. 
3. Use Search tools to find an exact size, color or type of photo or drawing. 


Google weal Pape @e 


4. With the tools in the bottom panel, you can filter your search to include only photos with 
faces, clip art, high-res images or only images that are available for commercial use. 


Get movie times in Google 


Search on a movie name or just movie to see theater locations and showtimes in your area. 
Example: Type movies washington and Click Google Search or Press Enter. 
Google move washington dt 


Movies for Washington DC 


Get the list of all films of any Actor and Actress 
Go to www.google.com 


Type Actor/Actress name movie and Press Enter. 


Example : Al Pacino movie 


Al Pacino 3 


Google URL shortener 


The Google URL Shortener at https://goo.gl/ is a service that takes long URLs and squeezes ther 
into fewer characters to make a link easier to share, tweet, or email to friends. For example, the short 
URL http://goo.gl/vOSOu is a convenient shorthand representation for the long URL 


http://www.latimes.com/business/la-fi-windows-surface-20121130,0.474887.stor 
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Go to http://goo.gl/ and paste the long URL you wish to shorten into the input box at the top of the 
page. Click Shorten and to the right of the box yow’ ll see a short goo.gl URL that can be copied and 
pasted anywhere you'd like to share it. 


If you’d like to track the analytics of your shortened URL, please sign in to your Google Accoun 
before shortening your URL. Your shortened URL will automatically be added to your goo.gl history. 


Google Earth 


Google Earth is a virtual globe, map and geographical information program that was originally called 
EarthViewer 3D. 


Google Earth allows you to travel the world through a virtual globe and view satellite imagery, maps, 
terrain, 3D buildings, and much more. With Google Earth's rich, geographical content, you are able tc 
experience a more realistic view of the world. You can fly to your favorite place, search for 


businesses and even navigate through directions. It's all up to you! 
Although the options within Google Earth are endless, here are a few things you can do: 


e Discover the Earth: Fly to any location in the world, learn about a city and it's geographic 
features, find local businesses, and create tours. 

e Explore the Sky: Enjoy the wonders of the heavens and learn about our solar system. 
Dive in the Ocean: Go beneath the surface and visit the depths of the ocean and explore the 
planet's deepest underwater canyons. Learn about ocean observations, climate change, and 
endangered species. You can even discover new places to surf, dive and fish. 

e Walk on the Moon: Take tours of landing sites narrated by Apollo astronauts and view 3D 
models of landed spacecraft. 

e Visit Mars: Travel the Red Planet and explore NASA's latest imagery of our galactic 
neighbor. 


Google Earth is simply your ticket to explore the Universe! 


To explore the earth in 3D view: 


1. Go to http://(www.google.co.in/earth/ 
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2. Click Download 
3. After completion of download, open Google Earth. 


4. Search any location in 3D view. 


Most useful Google Operators 


The following table lists the search operators that work with each Google search service. There is nc 
space between operator and keyword. Ex. software site: www.download.com 


Operator Example 

Site: software 
site: www.download.com 
will find all sites containing the 
word software, located within the 
download.com domain 


Intitle: intitle:google hacking 
will find all sites with the word 
google in the title and hacking in 
the text 

Allintitle: allintitle:google hacking 
will find all sites with the words 
google and hacking in the title 

Inurl: inurl:google hacking 
will find all sites containing the 
word hacking in the text and 
google in the URL 

Allinurl: allinurl:google hacking 
will find all sites with the words 
google and hacking in the URL 

filetype: filetype :pdf hacking 

(or ext:) will return PDFs containing the 
word hacking, while filetype :xls 
hacking will return Excel 
spreadsheets with the word 
hacking 

Numrange: numrange:50000-100000 car 
will return sites containing a 
number from 50000 to 100000 
and the word car. The same result 
can be achieved with 
50000..100000 car 

Link: link: www.google.com 
will return documents containing 
one or more links to 
www.google.com 

Inanchor: inanchor:hacking 
will return documents with links 
whose description contains the 
word hacking (that's the actual 
link text, not the URL indicated by 
the link) 

Allintext: allintext:google hacking 
will return documents which 
contain the phrase google 
hacking in their text only 

cache: cache :www.times ofindia.com 
will display Google’s cached 


version of a web page, instead of 
the current version of the page. 

info: info: www.google.com 

(or id:) will find the information about 
www.google.com 

related: related: www.times ofindia.com 
will find websites related to the 
timesofindia website. 

= ~hacking 
will find the synonym 
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“windows hacking” 

will find the phrase 

OR computer OR laptop 
will find the results include either 
search term. 

— ipod —itunes 

use — immediately before a search 

term you want to exclude 


+F +the 
use + immediately before 
automatically excluded search 
terms that you want included 


Google help center 
If you have the curiosity about Google, then the following website helps you out. 
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Help Website 
Center 


Google https://support. google.com 
Help Center 


Google+ https://support. google.com/plus 
Help center 


Google Play https://support. google.com/googleplay 
Help center 


YouTube https://support. google.com/youtube 
Help center 


Gmail Help https://support. google.com/mail 


center 


Web https://support. google.com/websearch 
Search 


Help center 


Google Map https://support. google.com/maps 
Help center 


Google https://support. google.com/chrome/ 
Chrome 
Help center 


Google www.google.com/insidesearch/features/ 
Features 


Backup all your facebook data like photos, videos, and text 


1. Login to your Facebook account. 


nanamn 


2. 
3. 


4. 
a. 
6. 


Click on the Arrow dropdown and then Settings. 
In General tab Click on Download a Copy at the bottom of page to backup your Facebook 


data. 


Click on Start My Archive button twice. 

Click on Confirm button. 

Now, Facebook will generate your personal archive and send to your default Email ID 
when it's ready. 


Facebook shortcut keys 


Facebook has shortcuts (access keys) for people who only use their keyboards to navigate. 


Find the right combination of keys for your browser in the list below, and replace # with the access 
key number listed under Access Keys below. 


Access Keys 


Internet Explorer for PC: Alt + #, then Enter 
Firefox for PC: Shift + Alt + # 

Safari for Mac: Ctrl + Opt + # 

Firefox for Mac: Ctrl + Opt + # 

Chrome for Mac: Ctrl + Opt + # 

Chrome for PC: Alt + # 


0 - Help 

1 - Home 

2 - Timeline 

3 - Friends 

4 - Inbox 

5 — Notifications 
6 — Settings 

7 - Activity Log 
8 - About 

9 - Terms 


Keyboard Shortcuts 


News Feed 


j and k - Scroll between News Feed stories 

enter/return - See more of the selected story 

p - Post a new status 

| - Like or unlike the selected story 

c - Comment on the selected story 

s - Share the selected story 

o - Open an attachment from the selected story 

/ - Search 

q - Search chat contacts 

? - Open a list of these keyboard shortcuts while in News Feed 


Web Messenger: 


CTRL + g - Search conversations 

CTRL + q - Show/hide keyboard shortcuts 

CTRL + Delete - Archive/unarchive conversation 
CTRL +j - Mark as spam 

CTRL+ m- Start a new message 

CTRL + 1 - Go to Inbox 

CTRL + u - Go to Other 


How to deactivate or permanently delete a Facebook account 
If you would like to delete your Facebook account, then 


1. Login to your Facebook account. 
2. Click on the Arrow dropdown and then Settings. 


/ 


iamai 


3. On the Security tab click on Deactivate Your Account at the bottom of page. 

4. Confirm Facebook Account Deactivation page will load. Select one of the reasons why 
you want to delete your Facebook account and click on confirm button. 

5. Your facebook account will be deactivated after again choosing the Deactivate button on 
next step. 


If you would like to delete your Facebook account permanently with no option for recovery, then 


1. Login to your Facebook account. 


2. Open https://www.facebook.com/help/delete_account in your browser 
3. Click on delete my account. 


Your facebook account will be deleted after choosing reasons why you want to delete your Facebook 
account and click on confirm button. 


Post blank status and comment on facebook 


This is an amazing trick to post blank status and comments on Facebook means your status update 
shows nothing and your friends will be amazed to see this. 


Updating Blank Status 


To update a blank status, 


1. Loginto your Facebook account. 

2. Click on Update Status box and Press the ALT key, hold it, and type 0,1,7,3 without those 
commas (ALT+0173). 

3. Click on Post. 


Tips: If you want to post multiple blank lines, then you should type the above code line by line. 
Posting Blank Comments 


Posting a blank comment is pretty much the same as creating a blank file or folder in windows. If you 
missed that article, catch it now. 


Okay, so to post a blank comment all you have to do is press the ALT key, hold it, and type 0,1,7,3 
without those commas (ALT+0173). Remember, do not release the alt key while typing. Now leave 


all the keys and press enter. 


Insert symbols and characters in Facebook status and comments 
This is a cool trick to update Facebook status 
1. Log into your Facebook account. 


2. Go to http://fsymbols.com/ 
3. Click and Copy the symbols and characters which you want to insert in facebook status 
4. Paste it in your facebook status and comments 


—_ 
a* 


s: SyTbals 


Facebook symbols anm i ee! 


a EA 
ze _ es Me 
= em V 
2 9 ’ X ¢ ùa? + é 
' otra 


z O 
E E £€ ewe € 


| 
€ 
[l 
| 
Y 


Note : Another website for your interest 


How to block people/apps/events/pages on facebook 
To do this, 
1. Log into your Facebook account. 
2. Click on the Arrow dropdown and then Settings. 
/ 


unmaael 


3. Click on Blocking on the left panel. 
4. Then block anything you want. 


View Facebook Photos in Full Screen Mode 


Now Facebook has published out new photo viewer. This feature allows users to view Facebook 
photos in full screen mode. 


1. First open a photo by clicking on it. 
2. Place the mouse pointer on it and click on Options at the bottom right of the photo. 
3. Click on Enter Fullscreen for view facebook photos in full screen mode. 


4. That's it and now use Esc key for exit full screen mode. 


How to find if somebody hacked your facebook account 


Now-a-days everybody wants to know everyone’ facebook password. So if they will get your 
password then your facebook account will be used in a bad way. This is a method to know who 
opens your account silently. To do this, 


1. Login to your Facebook account. 
2. Click on the Arrow dropdown and then Settings. 


/ 


ninani 


3. Click on Security tab, choose Where You're Logged In option. 
Find out the locations with time and devices to trace out whether you logged in or not at that 
time. 


4. Ifyou want to logout from that session then click on End Activity. 


How to Block Facebook Applications Forever 


Log into your Facebook account. 

Click on the Home-dropdown and then Privacy Settings. 
Click on Edit settings under Ads, Apps and Websites section. 
Click on Edit settings. 

Close all platform apps one by one. 


OP ee SE 


Who can look me up? On Facebook 


Log into your Facebook account. 

Click on the Arrow dropdown and then Settings. 

Click on Privacy tab 

Under the Who can look me up? Edit your desired settings. 


2 


Facebook Emoji 
Facebook includes a long list of emoji and emoticons that users can use in messages, status updates, 
comments and basically any place there is text on Facebook. You can use the emoji keyboard on your 
iPhone or Android, but you can also type out Facebook emoticon short codes in Facebook. 
FACEBOOK SHORT NAME 
EMOTICON CODE 
(y) Like 
O:) Angel 
3:) Devil 
8-) Glasses 
<3 Heart 
Kiss 
Pac Man 


Penguin 


ay 
w 
© 
e 
© 
e 
a 


Robot 


Shark 


Gasp 


Tongue Out 


Kiki 


Sunglasses 


Poop 


OB @0 eb 


Goofy Face / Cat 


The list of Facebook emoticons above includes the short code that you need to type in to Facebook to 
make the emoji. You can also copy and paste the short code from this list. 


Convert Facebook Profile into a Page 


The method is very cool as you will no need to individually invite all your friends to like your page 
as you will be just converting the Facebook profile into the page. So just follow up some of simple 
steps below to proceed. 


First of all login into your profile which you want to migrate to a Facebook page. 

. Now open the link to migrate your profile. 

3. Now you will see all the category in which you can change your page, select any of your 

choice or need. 

Now agree the Facebook terms and conditions and proceed. 

Note that converting your facebook profile into a page will lost all your facebook data and 
your friends will convert into your page likes. 

6. Facebook will ask you some security question while proceeding answer them and proceed. 

7. That is it you are done now your profile get completely converted into a page, share your 

links and media there. 


NO = 


Verify Facebook Page or Profile 


Facebook Page Verification method only four type of verification of pages or profiles in 2015 which 
are :- 


Journalists 

Popular Brand or Businesses 

Government Officials 

Celebrities 

These are the four categories of pages or profile which can be verified by Facebook with the new 
method of verification facebook page or profile 2015. Suppose if you have any local business which 
is popular then Facebook may claimed your page if you are official. And then there is no need to 
submit any type of request to Facebook for page verification. They automatically claim your page as 
verified depend on some details and minimum requirements mention by Facebook. 


If you have pages mentions above there will be chances to get your page or profile is verified and 
your Facebook page must be official represent your local business or any personality and may be 
have some popularity on Facebook. When you create Facebook page fill all the real info about your 
or your business so Facebook will get to know that your real person. You need to follow some 
instructions :- 


1. Link To Your Profile or Page From Official Website on your page or profile which you want to 
verify facebook page 2015. 


2. Provide accurate information in details about your business in About Section of Page or Profile. 
In About section you must add : 


Significant long and short description, 

Keyword who represent your business, 

Email, 

Official Website, 

Products and 

Verified Facebook Page Location with claimed business address 

And Other details in Page Info tab. 

To send them Facebook page verification “Request a verified Badge” request you need to 
follow the link given below and fill the real information. 


REQUEST FOR FACEBOOK PAGE OR PROFILE VERIFICATION 


Click to open the below link 


IREQUEST A VERIFIED BADGE 


Facebook Mentions is only available to people with verified Facebook profiles or Pages. To request 
a verified badge for your Page, please fill out this form. Fill in the required information and send 
request and then you are done. 


Accept/Reject all Facebook Requests at once 


The method is very simple and easy as you just have to use a simple Google Chrome extension that 
will work for you to accept or rejects all the friends’ requests at once. Just follow the simple steps 
discussed below to proceed. 


1. First of all in Google Chrome Browser open and install the extension Facebook Friends 
Requests Accept/Reject from here. 

2. Now a Facebook Friends Requests Accept/Reject icon at right top corner of chrome. 

3. Now open the link https://www.facebook.com/friends/requests and you will see all the 
Facebook request of your account. 

4. Now click on the Facebook Friends Requests Accept/Reject icon at right top corner of 
chrome. 

5. Now it will ask you for accept all or reject all just select according to your wish and then 
refresh the page. 

6. Now you will see all friends request will be accept or reject accordingly you had selected. 


Delete all Facebook Messages at once 


l. 


2. 


First ofall you need a simple browser extension that is available for both the Google 
Chrome and Mozilla Firefox. 

For Google Chrome download and install it from here and For Mozilla Firefox download 
and install it from here. 

Now after you installed these browser extension just proceed with login into your Facebook 
account whose messages you want to delete. 

Now go to your Facebook inbox where you will see all the messages that you have done 
with your friends. 

Now at the top right corner of your browser you will see Facebook Delete All Message 
Extension’s icon, just click on it. 

Now after clicking on it you will receive a popup confirming your action to delete all 
Facebook messages just confirm it. 

After a moment you will see All Chat History will get deleted. 


Hide last seen in Facebook chat 


Howe Last Seen in Facesook Cuar In GooGLE CHROME 


First of all install and open the Google Chrome Browser of your computer. 

Now in the browser open the link by clicking here. 

Now you will see Facebook unseen extension in the page displayed. 

Now click on install there and installation process will begin and the extension will get 
added in your browser. 

5. That’s it you are done now you can easily see all the message without showing the seen on 
that with this extension. 


PADE 


Hope Last Seen 1n Facegook Cuar In Moza Frrerox 


1. First of all install and open the Mozilla Firefox Browser of your computer. 

2. Now install the plugin stealth by clicking here. 

3. That’s it you are done now you can easilysee all the message without showing the 
seen on that with this extension. 


Wayback Machine 


It is a digital archive of the World Wide Web and other information on the Internet created by the 
Internet Archive, a non-profit organization, based in San Francisco, California. It was set up by 
Brewster Kahle and Bruce Gilliat, and is maintained with content from Alexa Internet. The service 
enables users to see archived versions of web pages across time, which the Archive calls a "three 
dimensional index." 


Since 1996, they have been archiving cached pages of web sites onto their large cluster of Linux 
nodes. They revisit sites every few weeks or months and archive a new version if the content has 
changed. The intent is to capture and archive content that would otherwise be lost whenever a site is 
changed or closed down. Their grand vision is to archive the entire Internet. 


The name Wayback Machine was chosen as a droll reference to a plot device in an animated cartoon 
series, The Rocky and Bullwinkle Show. In one of that animated cartoon's component segments, 
Peabody's Improbable History, lead characters Mr. Peabody and Sherman routinely used a time 
machine called the "WABAC machine" (pronounced wayback) to witness, participate in, and, more 
often than not, alter famous events in history. 


1. Go to http://archive.org/web/ 
A ae 


2. Then in the search bar enter the Website URL, which you wish to go back in it. 

Then click on BROWSE HISTORY. 

4. Select a date on that calendar and go you are now seeing the page of history of that 
website. 


Go 


WEB proxy server or HTTP proxy server 


In computer networks, a proxy server is a server (a computer system or an application) that acts as an 
intermediary for requests from clients seeking resources from other servers. A client connects to the 
proxy server, requesting some service, such as a file, connection, web page, or other resource 
available from a different server and the proxy server evaluates the request as a way to simplify and 
control its complexity. Proxies were invented to add structure and encapsulation to distributed 
systems. Today, most proxies are web proxies, facilitating access to content on the World Wide Web 
and providing anonymity. 


Communication between two computers (shown in grey) connected through a third computer 
(shown in red) acting as a proxy. Bob does not know whom the information is going to, which is 
why proxies can be used to protect privacy. 


List of WEB proxy servers or HTTP proxy servers 


https://www.hidemyass.com/proxy 
https://zend2.com/ 
https://kproxy.com/ 
https://hide.me/en/proxy 
https://www.proxfree.com/ 
https://www.filterbypass.me/ 
https://zendproxy.com/ 
WWww.anonproxy.eu/ 
www.cyberghostvpn.com/en/proxy 
http://proxy.org/ 


Glype 


A web-based proxy script is hosted on a website which provides a proxy service to users via a web 
browser. A proxy service downloads requested web pages, modifies them for compatibility with the 
proxy, and forwards them on to the user. Web proxies are commonly used for anonymous browsing 
and bypassing censorship and other restrictions. 


Glype : https://www.glype.com/ 


Glype Downloader : https://www.glype.com/download.php 


Glype is a web-based proxy script written in PHP which focuses on features, functionality, and ease 
of use. Webmasters use Glype to quickly and easily set up their own proxy sites. Glype helps users to 
defeat Internet censorship and be anonymous while web browsing. There have been over 949,000 
downloads of Glype since 2007. Thousands of web-based proxy websites are powered by Glype. 


Glype Features 


e Free for personal use and licensing options are available for commercial use. 

e Source Viewable and webmasters may modify the source code subject to the terms of the 

Software License Agreement. 

Plug and Play. Simply upload, configure and go! 

Admin Control Panel for easy management and configuration. 

JavaScript Support provides increased compatibility with websites. 

Skinable. A theme system allows for customization of your proxy. 

Access Controls blacklist users by IP address and websites by domain name. 

Blocked.com Integration protects the proxy by blocking specificed countries, filtering 

companies, malicious traffic, bots and spiders, and more. 

e Unique URLs provide greater privacy by expiring URLs in the browser history at the end of 
a browsing session. 

e Plugins allow for easy installion of site-specific modifications. Useful for adding new 
functionality to websites. 

e Advanced Options let users change their user-agent and referrer, manage cookies, and 
remove JavaScripts and Flash. 


Hide-My-IP.Com 


This is a tool which, once installed on your computer, will allow you to bypass censorship, hide your 
identity and surf the internet anonymously. 


https://www.hide-my-ip.com/ 


Surf anonymously, prevent hackers from acquiring your IP address, send anonymous email, and 
encrypt your Internet connection. Protect your online privacy by changing your IP with Hide My 
IP. 


& HIDE MY IP 


Anonymous Surfing With Hide My IP 


cecon 


JonDo — the IP changer 


Jb 


s://anonymous-proxy-servers.net/en/jondo. html 


You may use JonDonym for anonymous surfing, anonymous e-mail, chats and other purposes. JonDo, 
formerly JAP, is the ip changer proxy tool you have to install on your computer. It acts as a proxy and 
will forward the traffic of your internet applications multible encrypted to the mix cascades and so it 
will hide your ip address. It is a Java application, open source and you can download it for free. You 
may use JonDonym for free, but free mix cascades are restricted in some cases. 


JonDo will provide an anonymisation proxy for you, but it does NOT change your system setting. You 
have to configure the proxy setting of each internet application you want to use anonymous with 
JonDonym by self. 


VPN (Virtual Private Network) Services 


What's a VPN service? If you've ever had to connect to a corporate network while working remotely, 
you may already be familiar with the technology. In simplest terms, you are creating a secure, 
encrypted connection between your computer and your company's VPN server. This tunnel essentially 
makes you part of the company's network, as if you are physically sitting in the office. All your 
network traffic passes through this protected tunnel, and no one in the hotel you are staying in can see 
what you are up to. The VPN service is essentially the same idea, except the VPN provider is not 
letting you have access to its network, but rather offering secure access to the Internet. 


Think about it this way: if your car pulls out of your driveway, someone can follow you and see 
where you are going, how long you are at your destination, and when you are coming back. With a 
VPN service, you are essentially driving into a closed parking garage, switching to a different car, 
and driving out, and no one who was originally following you knows where you went. 


There is a caveat to this metaphor, though. Just as the person who was following you could figure out 


where you went if he or she happened to be at the supermarket when you got out of the car, there are 
complicated timing algorithms that can figure out your activity at the exact moment you leave the 
encrypted tunnel. VPN services, while tremendously helpful, are not fool-proof. As with anything else 
on the Internet, don't do anything stupid. 


There are several reasons why you should use VPN services: to change your IP address to something 
else, to prevent anyone from eavesdropping on your online activity while you are connected to Wi-Fi 
networks, and to make it harder for online advertisers to track you. There are activists who rely on 
VPN services to get around government censors to communicate with the outside world. Of course, 
that may be against the law in countries with strict censorship, so be careful. 


VPN services are very useful and we highly recommend using them to protect your online activity 
from malicious snoops. Yes, you can change your IP address to pretend to be from someplace else in 
order to access content that may be restricted on a geographic basis. But be smart: don't ignore the 
company's terms of service in order to get around the geographic restrictions for your own personal 
gratification. You can't complain if you get caught. 


How to Pick a VPN Service 


The VPN services market has exploded over the past three years. Many providers are capitalizing on 
the general population's growing concerns about surveillance and cyber-crime, which means it's 
getting hard to tell when a company is actually providing a secure service and when it's throwing out 
a lot of fancy words while selling snake oil. It's important to keep a few things in mind when 
evaluating which VPN service is right for you: reputation, performance, type of encryption used, 
transparency, ease of use, support, and extra features. Don't just focus on price. 


Despite widespread agreement that VPN services are important to online privacy, you don't actually 
see a lot of big-name security companies getting into the game. Symantec was one of the first security 
companies to dip its toe into the VPN pool, but it has since discontinued its Norton Hotspot Privacy 
product. F-Secure (Freedome) and Avast! (SecureLine) are among the few security companies still in 
the space. Most VPN providers tend to be stand-alone companies, such as Spotflux and AnchorFree 
(Hotspot Shield Elite), which makes it a little harder to figure out who to trust. I tend to trust 
companies that have been around a little longer, just because if they are terrible to their customers, 
then it would be easier to uncover the complaints than if the company just popped up a year ago. But 
your mileage may vary when looking at the company reputation. 


Performance is a must when considering VPN services. When you didn't have a lot of choices, you 
expected to have hiccups and lags while online. Now that there are services that still give you a great 
experience online while keeping you secure, there 1s no reason to accept slow speeds or servers 
which are frequently offline. We spend about a week testing each service at varying times of the day 
and from different locations to make sure we get a good idea of what the overall service is like. Look 
for services that provide a free trial, and take advantage of it. Make sure you are happy with what you 
sign up for, since most of them will not give you any refunds. This is actually why I also recommend 
starting out with a short term—a week or a month—to really make sure you are happy. Yes, you may 
get that discount by signing up for a year, but that's a lot of money to lose if you realize the service 
doesn't meet your performance needs. 


I am not a cryptography expert so I can't verify all of the encryption claims providers make. I do know 
that when I looked at my network traffic using tools such as Wireshark, they were encrypted. I 
verified that what URLs I visited and what data I was submitting on forms were not transmitted in 
plaintext. At the very least, there would be no virtual eavesdropping by the person sitting in the coffee 
shop. I prefer providers that use OpenVPN—1t's a standard, and it's a lot better than the common (and 
older) PPTP. I am not saying do not use PPTP—1t's still preferable to not having anything at all. 


Transparency is a big one for me. Is it easy to find the terms and conditions and privacy policy for the 
service? Does the privacy policy spell out what the service does, what it collects, and what its 
responsibilities are? There are companies that explain they collect some information but aren't clear 
on how it is being used. Some—like HideIPVPN—tell you upfront that P2P and torrenting is not 
allowed, and that they will cancel your account if they suspect you of using it while connected to their 
service. I appreciated TorGuard's clear explanation of how it keeps track of payment card 
information without maintaining any logging information. Find out where the company is based— 
some countries don't have data retention laws so it is easier to keep the "We don't keep any logs" 
promises. 


What kind of user are you? Some people are comfortable setting up the service by downloading a 
configuration file and importing it into the OpenVPN client. Others just want a simple executable to 
download, install, and be up and running. Or you may prefer something small and invisible operating 
in the background you don't have to think about. 


A decent VPN service should be easy enough to use that you don't have to worry about support. But 
you want help available for when things go wrong. Online tutorials and extensive documentation 
should be a must. Chat support and phone support are definitely useful for those times when you just 
need to get a person online. If the service accepts alternate payments, that's a good thing to look at. 
I've yet to use Bitcoin to sign up for any of these services, but I've used pre-paid cards to sign up for 
some. It's a little bit more work, but sometimes, it's not a bad idea to keep some payments separate 
from your main credit card. 


Finally, know what you are looking for. Do you just want a vanilla VPN service that just encrypts 
your connection and gives you a brand-new IP address? Or are you looking for something more? I 
personally prefer a service which acts proactively and shuts down certain applications if my VPN 
connection drops suddenly (Kill Switch). Perhaps you want the service to automatically turn on—or 
prompt you to turn on—if you launch a browser. Or you want some kind of network metering so that 
you can track your usage. Perhaps you want to block aggressive advertising trackers. If you are a 
heavy BitTorrent user, don't select a VPN service which specifically says it won't allow P2P or 
torrents. 


Useful Extensions and Add-ons 


For Google Chrome : https://chrome.google.com/webstore/category/extensions 
AdBlock 


The original AdBlock for Chrome. Block all advertisements on all web pages, even 
Facebook, Youtube, and Hulu. 


It works automatically: just click "Add to Chrome," then visit your favorite website and see 
the ads disappear! 


You can also get AdBlock for Safari, Opera, and Firefox from getadblock.com. 
Adblock for Youtube 
Removes the video ads from Youtube 
Facebook AdBlock 
Tired of Facebook ads? 
No problem ! Just install this AdBlock extension and all your problems are gone. 


This Facebook AdBlock will remove the ads from your Facebook page, to leave you with 
clean Facebook pages. 


Photo Zoom for Facebook 


Join nearly 5 million people using Photo Zoom for Facebook, the Highest Rated Most 
Popular Extension for Google Chrome! 


FlashControl 
FlashControl prevents Flash content from loading unless you allow it. 
Google Dictionary (by Google) 
View definitions easily as you browse the web. 
Google Mail Checker 


Displays the number of unread messages in your Google Mail inbox. You can also click the 
button to open your inbox. 


Popup Blocker Pro 
Blocks unwanted popups and popunders on sites you visit. 


You will see a notification when any popup is blocked. You can add sites to whitelist to 
ignore this. 


White list is synchronised to all chrome browsers that you are signed in. 
Ghostery 

Protect your privacy. See who's tracking your web browsing with Ghostery. 
Silver Bird 


Silver Bird is a Twitter extension that allows you to follow your timelines and interact with 
your Twitter account. 


WOT 


WOT helps you find trustworthy websites based on millions of users’ experiences and is 
one of Chrome’s most popular add-ons 


Video Downloader professional 


Download videos from web sites or just collect them in your video list without 
downloading them. 


Turn Off the Lights 


The entire page will be fading to dark, so you can watch the videos as if you were in the 
cinema 


LastPass: Free Password Manager 


LastPass, an award-winning password manager, saves your passwords and gives you 
secure access from every computer and mobile device 


Click& Clean 


Deletes typed URLs, Cache, Cookies, your Download and Browsing History...instantly, 
with just 1-click on Click&Clean button 


Speed Dial [FVD] 


New Tab Page Replacement with 3D Speed Dial and predefined images, sync and organize 
your bookmarks, groups, and most visited 


Facebook Invite All 
Automatically invite all your facebook friends to Events or Pages with just one click 
Todoist: To-Do list and Task Manager 


Todoist is the leading online to-do list and task manager. We manage millions of to-dos and 
we are ready to manage yours as well! 


Emoji Input by EmojiStuff.com 


Allows you to see and input emoji on any website. Can replace Twitter and Gmail style 
emoji with iPhone style emoji. 


Buffer 


Buffer is the best way to share great content to Twitter, Facebook and LinkedIn from 
anywhere on the web, with just one click. 


Evernote Web Clipper 
Use the Evernote extension to save things you see on the web into your Evernote account. 
Tampermonkey 


The most popular userscript manager for Blink-based browsers 


feedly Mini 
The easiest way to add content to your feedly. 
Proxy SwitchySharp 


Manage and switch between multiple proxies quickly & easily. Based on "Proxy Switchy!" 
& "SwitchyPlus" 


Pushbullet 
Bringing together your devices, friends, and the things you care about. 
RSS Feed Reader 


Get a simple overview of your RSS and Atom feeds in the toolbar 


For Mozilla Firefox : https://addons.mozilla.org/en-US/firefox/extensions/ 
Adblock Plus 


Adblock Plus blocks all annoying ads, and supports websites by not blocking unobtrusive 
ads by default (configurable). 


Video DownloadHelper 

The easy way to download and convert Web videos from hundreds of YouTube-like sites. 
NoScript Security Suite 

The best security you can get in a web browser! 


Allow active content to run only from sites you trust, and protect yourself against XSS and 
Clickjacking attacks. 


Ghostery 
Protect your privacy. See who's tracking your web browsing and block them with Ghostery. 
Speed Dial [FVD] 


FVD Speed Dial - Speed dial button, Online Synchronization, New Tab Start Page, 
Organize bookmarks, Custom backgrounds, custom dials, organized groups, most visited 
dials. 


Tab Mix Plus 


Tab Mix Plus enhances Firefox's tab browsing capabilities. It includes such features as 
duplicating tabs, controlling tab focus, tab clicking options, undo closed tabs and windows, 
plus much more. It also includes a full-featured session manager. 


YouTube Video and Audio Downloader 
Downloads YouTube videos in all available formats (FLV, MP4, WebM, and 3GP) with 


video quality of your choice. It also contains a pure JavaScript library to extract the 
ORIGINAL audio file embedded in video files. 


Web Developer 

The Web Developer extension adds various web developer tools to the browser. 
X-notifier (for Gmail, Hotmail, Yahoo,AOL ...) 

Notifier for gmail, yahoo, hotmail, aol and more webmails. 


X-notifier(aka WebMail Notifier) checks your webmail accounts and notifies the number of 
unread emails... 


Supports : gmail, yahoo, hotmail, POP3/IMAP, facebook, twitter and more 
Web of Trust — WOT 


Find out which websites you can trust. WOT adds intuitive traffic light-style icons next to 
search results and URLs to help you make informed decisions about whether to visit a site 
or not. 


FoxyProxy Standard 


FoxyProxy is an advanced proxy management tool that completely replaces Firefox's 
limited proxying capabilities. For a simpler tool and less advanced configuration options, 
please use FoxyProxy Basic. 


Fastest Search - Browse/Shop Faster! 


Search/browse/shop faster than ever! Ctrl-Shift-F for whole-word/regex/all tabs/diacritic 
search;create custom engines;shopping assistant compares price;Smart SearchBox;Preview 
results;Auto copy plain text, dnd save image/open link. 


DownThemAIll! 
The first and only download manager/accelerator built inside Firefox! 
LastPass Password Manager 


LastPass, an award-winning password manager, saves your passwords and gives you 
secure access from every computer and mobile device. 


AutoProxy 


Are you concerned about your privacy? Or, are you blocked from some websites by a 
firewall? And, are you arming yourself with a proxy? In that case, AutoProxy is designed 
for you! A tool to help you use your proxy automatically & efficiently. 


Kee Fox 


Simple and secure password management. Login automatically, never forget another 
password, stay in control of your passwords and improve their security. Powered by the 
world-renowned KeePass Password Safe. 


LeechBlock 


LeechBlock is a simple productivity tool designed to block those time-wasting sites that can 
suck the life out of your working day. All you need to do is specify which sites to block and 
when to block them. 
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Kevin Mitnick : a.k.a The Condor, The Darkside Hacker 
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Kevin David Mitnick (born August 6, 1963) is an American computer security consultant, author 
and hacker. 


He was once the most wanted cybercriminal in the world. He had an obsession with computers that 
escalated into a two and half year hacking spree where he stole millions of dollars of corporate 
secrets from IBM, Motorola, telecom companies and even the National Defense warning system. 


At age 15, Mitnick used social engineering and dumpster diving to bypass the punch card system used 
in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket 
punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. 
Social engineering later became his primary method of obtaining information, including user-names 
and passwords and modem phone numbers. 


Mitnick first gained unauthorized access to a computer network in 1979, at 16, when a friend gave 
him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) usec 
for developing their RSTS/E operating system software. He broke into DEC's computer network an 
copied their software, a crime he was charged with and convicted of in 1988. He was sentenced to 12 
months in prison followed by three years of supervised release. Near the end of his supervised 
release, Mitnick hacked into Pacific Bell voice mail computers. After a warrant was issued for his 
arrest, Mitnick fled, becoming a fugitive for two and a half years. 


According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens o 
computer networks while he was a fugitive. He used cloned cellular phones to hide his location and, 


among other things, copied valuable proprietary software from some of the country's largest cellular 
telephone and computer companies. Mitnick also intercepted and stole computer passwords, altered 
computer networks, and broke into and read private e-mail. Mitnick was apprehended on February 
15, 1995, in Raleigh, North Carolina. He was found with cloned cellular phones, more than 100 clone 
cellular phone codes, and multiple pieces of false identification. 


In 1999, he was convicted of various computer and communications-related crimes. At the time of his 
arrest, he was the most-wanted computer criminal in the United States. 
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Since 2000, Mitnick has been a paid security consultant, public speaker and author. He does security 
consulting for Fortune 500 companies, performs penetration testing services for the world's largest 
companies and teaches Social Engineering classes to dozens of companies and government agencies. 


Vladimir Levin : a.k.a Vova 
First internet bank robber 


He is a Russian-born Jewish individual famed for his involvement in the attempt to fraudulently 
transfer USD 10.7 million via Citibank's computers. 


A 


He was delivered into U.S. custody in September 1997, and tried in the United States District Cour 
for the Southern District of New York. In his plea agreement he admitted to only one count of 
conspiracy to defraud and to stealing US$3.7 million. In February 1998 he was convicted anc 


sentenced to three years in jail, and ordered to make restitution of US$240,015. Citibank claimed that 
all but US$400,000 of the stolen US$10.7 million had been recovered. 


In 2005 an alleged member of the former St. Petersburg hacker group, claiming to be one of the 
original Citibank penetrators, published under the name ArkanoiD a memorandum on popular 
Provider.net.ru website dedicated to telecom market. According to him, Levin was not actually a 
scientist (mathematician, biologist or the like) but a kind of ordinary system administrator who 
managed to get hands on the ready data about how to penetrate in Citibank machines and then exploit 
them. 


ArkanoiD emphasized all the communications were carried over X.25 network and the Internet was 
not involved. ArkanoiD's group in 1994 found out Citibank systems were unprotected and it spent 
several weeks examining the structure of the bank's USA-based networks remotely. Members of the 
group played around with systems' tools (e.g. were installing and running games) and were unnoticed 
by the bank's staff. Penetrators did not plan to conduct a robbery for their personal safety and stopped 
their activities at some time. One of them later handed over the crucial access data to Levin 
(reportedly for the stated $100). 


In 2005 an anonymous hacker group came claiming that they were the ones truly responsible for 
the theft and that they only sold Vladimir the data needed to steal the money. 


Gary Mckinnon : a.k.a Solo 
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He was known by his Internet handle, “Solo.” Using that name, he coordinated what woula 
become the largest military computer hack of all time. The allegations are that he, over a 13- 
month period from February 2001 to March 2002, illegally gained access to 97 computers 
belonging to the U.S. Armed Forces and NASA. 


He claimed that he was only searching for information related to free energy suppression and UFC 
activity cover-ups. But according to U.S. authorities, he deleted a number of critical files, rendering 
over 300 computers inoperable and resulting in over $700,000 in damages. 


Being of Scottish descent and operating out of the United Kingdom, he was able to dodge the 
American government for a time. As of today, he continues to fight against extradition to the United 
States. 


Mathew Bevan (a.k.a Kuji) and Richard Pryce (a.k.a Datastream Cowboy) 


This British hacking duo took the U.S. government for a ride when they attacked the Pentagon’: 


network for several weeks in 1994. They copied battlefield simulations from Griffiss Air Force Base 
in New York, intercepted messages from U.S. agents in North Korea, and got access into a Korear 
nuclear facility. Pryce was a 16-year-old then, and Bevan was 21 (he's thought to have been tutoring 
Pryce). 


The hacking attacks were especially troublesome for the U.S. government because they couldn't tell 11 
the duo was using their system to hack into a South or North Korea - if it were North Korea, the 
attacks could've been seen as an act of war. Luckily, South Korea was the hackers' target, and after an 
international investigation, they were arrested in the following year. 


Michael Calce : a.k.a MafiaBoy 


He was a high school student from West Island, Quebec, who launched a series of highly 
publicized denial-of-service attacks in February 2000 against large commercial websites, 
including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN. He also launche 
a series of failed simultaneous attacks against 9 of the 13 root name servers. 


On February 7, 2000, Calce targeted Yahoo! with a project he named Rivolta, meaning “riot” in 
Italian. Rivolta was a denial-of-service attack in which servers become overloaded with different 
types of communications to the point where they shut down completely. At the time, Yahoo! was a 
multibillion dollar web company and the top search engine. Mafiaboy's Rivolta managed to shut 
down Yahoo! for almost an hour. Calce's goal was, according to him, to establish dominance for 
himself and TNT, his cybergroup, in the cyberworld. Buy.com was shut down in response. Calce 
responded to this in turn by bringing down Ebay, CNN, Amazon and Dell.com via DDoS over thi 
next week. 


In a 2011 interview, Calce tried to redeem his image by saying that the attacks had been launched 
unwittingly, after inputting known addresses in a security tool he had downloaded from a repository 
on the now defunct file-sharing platform Hotline, developed by Hotline Communications. Calce 
would then have left for school, forgetting the application which continued the attacks during most of 
the day. Upon coming home Calce found his computer crashed, and restarted it unaware of what had 
gone on during the day. Calce claimed when he overheard the news and recognized the companies 
mentioned being those he had inputted earlier in the day that he "started to understand what might have 
happened". 


Adrian Lamo : a.k.a The Homeless hacker 


He was a mobile hacker who launched his work from the confines of Internet cafes, libraries or 
coffee shops. He actually did it just as a challenge and for fun, as he would regularly break into 
computer systems and then immediately tell the owner of the network about its vulnerability. He 
even made himself an expert by adding his name to the database of the New York Times. 


Lamo first gained media attention for breaking into several high-profile computer networks, including 
those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. In 2010, Lamo 
reported U.S. soldier PFC Bradley Manning (now known as Chelsea Manning) to federal authorities 
claiming that Manning had leaked hundreds of thousands of sensitive U.S. government documents tc 
WikiLeaks. Manning was arrested and incarcerated in the U.S. military justice system and late 
sentenced to 35 years in confinement. 


Jeanson James Ancheta : a.k.a Resilient 


He became the first person to be charged for controlling large numbers of hijacked computers or 
botnets on May 9, 2006. 


In 2004 he started to work with botnets rxbot, a computer worm that can spread his net of infected 
computers which gave him control to 500,000 computers including US military computers. 


In November 2005 he was captured in an elaborate sting operation when FBI agents lured him to theii 
local office on the pretext of collecting computer equipment. The arrest was part of the Operation Bot 
Roast. 


On May 9, 2006 Ancheta pleaded guilty to four felony charges of violating United States Code 
Section 1030, Fraud and Related Activity in Connection with Computers. Ancheta must serve 6( 
months in prison, forfeit a 1993 BMW and more than $58,000 in profit. He must also pay restitutior 
of $15,000 US to the U.S. federal government for infecting the military computers. 


Jonathan James : a.k.a cOmrade 


He (December 12, 1983 — May 18, 2008) was an American hacker who was the first juvenile 
incarcerated for cybercrime in the United States. The South Florida native was 15 years old at the 
time of the first offense and 16 years old on the date of his sentencing. 


What is his ticket to fame? He was convicted and sent to prison for hacking in the United States—all 
while he was still a minor. At only fifteen years of age, he managed to hack into a number of 
networks, including those belonging to Bell South, Miami-Dade, the U.S. Department of Defense, anı 
NASA. 


Yes, James hacked into NASA’s network and downloaded enough source code to learn how the 
International Space Station worked. The total value of the downloaded assets equaled $1.7 million 
To add insult to injury, NASA had to shut down their network for three whole weeks while they 
investigated the breach, which cost them $41,000. 


The story of James has a tragic ending, however. In 2007, a number of high profile companies fell 
victim to a massive wave of malicious network attacks. Even though James denied any involvement, 
he was suspected and investigated. In 2008, James committed suicide, believing he would be 
convicted of crimes that he did not commit. 


Albert Gonzalez 


He paved his way to Internet fame when he collected over 170 million credit card and ATM card 
numbers over a period of 2 years. Yep. Thats equal to a little over half the population of the 
United States. 


He started off as the leader of a hacker group known as ShadowCrew. This group would go on tc 
steal 1.5 million credit card numbers and sell them online for profit. ShadowCrew also fabricated 
fraudulent passports, health insurance cards, and birth certificates for identity theft crimes totaling 
$4.3 million stolen. 


The big bucks wouldn’t come until later, when Gonzalez hacked into the databases of TJX Companie: 
and Heartland Payment Systems for their stored credit card numbers. In 2010, Gonzalez wa: 
sentenced to prison for 20 years (2 sentences of 20 years to be served out simultaneously). 


Kevin Poulsen : a.k.a Dark Dante 


He gained his fifteen minutes of fame by utilizing his intricate knowledge of telephone systems. Al 
one point, he hacked a radio stations phone lines and fixed himself as the winning caller, earning 
him a brand new Porsche. According to media, he was called the “Hannibal Lecter of computer 
crime.” 


He then earned his way onto the FBI’s wanted list when he hacked into federal systems and stole 
wiretap information. Funny enough, he was later captured in a supermarket and sentenced to 51 
months in prison, as well paying $56,000 in restitution. 


Like Kevin Mitnick, Poulsen changed his ways after being released from prison. He began working as 
a journalist and is now a senior editor for Wired News. At one point, he even helped law 
enforcement to identify 744 sex offenders on MySpace. 


Anonymous 


The concept of being a “digital Robin Hood” was far from being conceived, but in the computer age. 
it is very likely that someone somewhere has bagged this title. A “hacktivist group” called 
Anonymous are known with the penname of being the “digital Robin Hood” amongst its supporters. 
Identified in public by wearing a Guy Fawkes Masks, Anons, as they are widely known, have 
publicized themselves by attacking the government, religious and corporate websites. The Vatican, 
the FBI, the CIA, PayPal, Sony, Mastercard, Visa, Chinese, Israeli, Tunisian, and Uganda 
governments have been amongst their targets. Although, Anons have been arguing whether to engage 
in a serious activism or a mere entertainment, many of the group members have clarified their intent 
which is to attack internet censorship and control. 


Anonymous originated in 2003 on the imageboard 4chan, representing the concept of many online and 
offline community users simultaneously existing as an anarchic, digitized global brain. 


Beginning with 2008's Project Chanology—a series of protests, pranks, and hacks targeting the 
Church of Scientology—the Anonymous collective became increasingly associated with 
collaborative hacktivism on a number of issues internationally. Individuals claiming to align 
themselves with Anonymous undertook protests and other actions (including direct action) in 
retaliation against anti-digital piracy campaigns by motion picture and recording industry trade 
associations. 


In 2012, Time called Anonymous one of the "100 most influential people" in the world. 


Anons have publicly supported WikiLeaks and the Occupy movement. Related groups LulzSec anc 
Operation AntiSec carried out cyberattacks on US government agencies, media, video game 
companies, military contractors, military personnel, and police officers, resulting in the attention of 
law enforcement to the groups' activities. It has been described as being anti-Zionist, and has 
threatened to erase Israel from the Internet and engaged in the "#OpIsrael" cyber-attacks of Israel 
websites on Yom HaShoah (Holocaust Remembrance Day) in 2013. 


LulzSec 


LulzSec or Lulz Security, a high profile, Black Hat hacker group, gained credentials for hacking intc 
Sony, News International, CIA, FBI, Scotland Yard, and several noteworthy accounts. So notoriou 
was the group that when it hacked into News Corporations account, they put across a false report of 
Rupert Murdoch having passed away. While the group claims to have retired from their vile duties, 
the motto of the group, “Laughing at your security since 2011!” stays alive. There are assertions of the 
group having hacked into the websites of the newspapers like The Times and The Sun to post its 
retirement news. Many, however, claim that this group had taken it upon itself to create awareness 
about the absence of efficient security against hackers. 


One of the founders of LulzSec was a computer security specialist who used the online moniker Sabu 
The man accused of being Sabu has helped law enforcement track down other members of the 
organization as part of a plea deal. At least four associates of LulzSec were arrested in March 2012 
as part of this investigation. British authorities had previously announced the arrests of two teenagers 
they allege are LulzSec members T-flow and Topiary. 


Astra 


Astra, a Sanskrit word for weapon was the penname of a hacker who dealt in the weapon stealing and 
selling. A 58-year-old Greek Mathematician hacked into the systems of France’s Dassault Group. 
stole vulnerable weapons technology data and sold it to different countries for five long years. While 
the real identity of the ASTRA remains untraced, officials have said that he had been wanted since 
2002. Astra sold the data to approximately 250 people from around the globe, which cost Dassault 
$360 millions of damage. 


